Clarify how to decide between bcrypt vs bcrypt.js in README
This should be explained simply in terms a beginner can understand. I think a pros/cons list would be a good format. I'll attempt one below, but I admit I'm uncertain about the deciding factors.
#14, #5, and #95 focus on clarifying the performance differences (which IS included in README), but don't expand on how one decides which to use.
bcrypt.js PROS
- 0 dependencies: eliminates the risk of a malicious dependency being inserted into your project.
- Written in JavaScript: mitigates issues running bcrypt on some machines.
bcrypt.js CONS
- 30% slower: fewer rounds can be run when encrypting an input in a fixed amount of time - resulting in less secure encryption.
PROS:
- Better Docker support. bcrypt works differently on different OSes; packages for Mac, Windows and Linux are different. So you have to load the appropriate package into the container, a huge hassle during development.
I'm a non-pro, but I assume it has to work the same on the browser so you can read on the server. And browsers are all different.
> I'm a non-pro, but I assume it has to work the same on the browser so you can read on the server. And browsers are all different.
You misunderstood me. bcrypt works the same on different OSes, but it apparently uses different packages on different OSes. This poses a problem for me as I'm developing projects on a Mac and use Docker images (which are based on Linux) to run them. The Docker image virtualizes the output directory on the Mac as the Node root. And in this case bcrypt fails. To continue using bcrypt, I'd have to install the bcrypt package on the image, which becomes a huge hassle, as I'd have to install all the remaining Node packages onto the image, and every time I change the packages, I'd have to redo it on the image.