In our group project this week we used the bcrypt.js Node.js module to hash our users' passwords before storing them in our database, specifically using the .hashSync() method:
const bcrypt = require("bcryptjs");
// Synchronous API: both calls run to completion on the main thread
const salt = bcrypt.genSaltSync(10);
user.password = bcrypt.hashSync(user.password, salt);
In our code review our course leader pointed out that hashing is designed to take a long time for security purposes, so using the synchronous method of hashing will block our server code until the process is finished.
Instead we should do it asynchronously using promises:
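const bcrypt = require("bcryptjs");
// Asynchronous API: generate the salt, hash, then store the result on the user
bcrypt.genSalt(10)
  .then((salt) => bcrypt.hash(user.password, salt))
  .then((hash) => { user.password = hash; });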
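To see the blocking effect the code review described, the following added example (not code from our project) counts how many timer callbacks the event loop manages to run while passwords are being hashed. It assumes Node's built-in `crypto.scryptSync` and `crypto.scrypt` as stand-ins for bcrypt.js's `hashSync` and `hash` so it runs without installing anything; the function names, cost parameters and passwords are constructed for the demonstration.

```javascript
// Added example: Node's built-in scrypt stands in for bcrypt.js here.
const crypto = require("node:crypto");
const { promisify } = require("node:util");
const scryptAsync = promisify(crypto.scrypt);

// Constructed cost parameters, high enough that one hash takes a visible amount of time.
const OPTS = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Synchronous hashing: runs entirely on the main thread (like hashSync).
function hashSyncStyle(password) {
  const salt = crypto.randomBytes(16);
  return crypto.scryptSync(password, salt, 32, OPTS);
}

// Asynchronous hashing: the work is done off the main thread (like hash).
function hashAsyncStyle(password) {
  const salt = crypto.randomBytes(16);
  return scryptAsync(password, salt, 32, OPTS);
}

// Count how many 5 ms timer callbacks get to run while `work` is in progress.
// Each tick stands for other work (another request) the server could handle.
async function countTicksDuring(work) {
  let ticks = 0;
  const timer = setInterval(() => { ticks += 1; }, 5);
  await work();
  clearInterval(timer);
  return ticks;
}

async function compare() {
  const passwords = ["constructed-pw-1", "constructed-pw-2", "constructed-pw-3"];
  // Sync: the event loop is stuck until all three hashes finish.
  const blocked = await countTicksDuring(() => {
    passwords.forEach(hashSyncStyle);
  });
  // Async: the timer keeps firing while each hash is computed.
  const free = await countTicksDuring(async () => {
    for (const pw of passwords) await hashAsyncStyle(pw);
  });
  return { blocked, free };
}

compare().then(({ blocked, free }) => {
  console.log(`timer ticks during sync hashing:  ${blocked}`);
  console.log(`timer ticks during async hashing: ${free}`);
});
```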