When it comes to security, the library with the most eyeballs reviewing it for security holes (remember Heartbleed?) is probably the better choice. Speed is secondary.
That shouldn't mean that a more performant library should never ever replace a widely trusted security library, but this is not an area in which to be the early adopter and rush in (: On Friday, September 12, 2014 6:23:03 AM UTC-4, Adrian Lynch wrote: > > Cheers Matt, > > I expected it to be faster because its speed is talked about on the GH > page: > > https://github.com/fpirsch/twin-bcrypt > > I'm just coming into the Node world and didn't know about asm.js not being > supported in V8. > > I asked the author of that repo directly and he filled me in on what you > mentioned: > > https://github.com/fpirsch/twin-bcrypt/issues/1 > > Of course being slow is a good thing with BCrypt, but given two modules > that do the same thing, you want to be running the fastest one, surely? > > A > > On 11 September 2014 14:19, Matt <hel...@gmail.com <javascript:>> wrote: > >> Two issues: 1) Why would you expect it to be faster? It's pure JS using >> asm.js (which Node doesn't support), vs bcrypt is compiled C code. And 2) >> Being slow is a feature of bcrypt - it makes brute force cracking harder. >> >> On Wed, Sep 10, 2014 at 10:54 AM, Adrian Lynch < >> adrian...@concreteplatform.com <javascript:>> wrote: >> >>> I'm seeing bcryptjs beat twin every time with the following code: >>> >>> var bcryptJS = require('bcryptjs'); >>> var twinBcrypt = require('twin-bcrypt'); >>> >>> var password = "password"; >>> var rounds = 12; >>> var hash, start, end; >>> >>> // twin-bcrypt >>> start = new Date(); >>> hash = twinBcrypt.hashSync(password, twinBcrypt.genSalt(rounds)); >>> end = new Date(); >>> console.log("Took \t" + (end - start) + "ms\t to hash '" + password + "' >>> into '" + hash + "'"); >>> >>> // bcryptjs >>> start = new Date(); >>> hash = bcryptJS.hashSync(password, bcryptJS.genSaltSync(rounds)); >>> end = new Date(); >>> console.log("Took \t" + (end - start) + "ms\t to hash '" + password + "' >>> into '" + hash + "'"); >>> >>> On my Mac, BJS comes in at ~950ms and twim, ~1700ms. >>> >>> From the description of twin-bcrypt, I'd expect it to be quicker. >>> >>> Does my test code look OK? Am I mis-using the libs? >>> >>> Thanks. >>> >>> Adrian >>> >>> -- >>> Job board: http://jobs.nodejs.org/ >>> New group rules: >>> https://gist.github.com/othiym23/9886289#file-moderation-policy-md >>> Old group rules: >>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "nodejs" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to nodejs+un...@googlegroups.com <javascript:>. >>> To post to this group, send email to nod...@googlegroups.com >>> <javascript:>. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/nodejs/CAH368SSHMxGhSWepY5bOETSdkW8uY76b%3D8FFm6Tk6yt2aKWVRQ%40mail.gmail.com >>> >>> <https://groups.google.com/d/msgid/nodejs/CAH368SSHMxGhSWepY5bOETSdkW8uY76b%3D8FFm6Tk6yt2aKWVRQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> Job board: http://jobs.nodejs.org/ >> New group rules: >> https://gist.github.com/othiym23/9886289#file-moderation-policy-md >> Old group rules: >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines >> --- >> You received this message because you are subscribed to the Google Groups >> "nodejs" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to nodejs+un...@googlegroups.com <javascript:>. >> To post to this group, send email to nod...@googlegroups.com >> <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/nodejs/CAPJ5V2ZnpqBYb%3DgNU2pCeo1BnBiG2r5kx6sBVbb5kRZw3FSF0A%40mail.gmail.com >> >> <https://groups.google.com/d/msgid/nodejs/CAPJ5V2ZnpqBYb%3DgNU2pCeo1BnBiG2r5kx6sBVbb5kRZw3FSF0A%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to nodejs+unsubscr...@googlegroups.com. To post to this group, send email to nodejs@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/48eae287-6b08-43d5-b393-aeda7894f078%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
