Hash -- creating a password using Hash makes the request very slow on save to database

I switched to Encryption to hash the user password instead of Hash because when I used Hash, the save request took a long time to finish. Has anyone faced the same issue?

That’s by design. The hashing algorithms are always slow, to make password attacks more expensive. Just search on Google for "Why is bcrypt slow?"

1 Like

But it’s not normal to wait quite a long time, around 20 seconds, for it to finish. Hashing passwords in other programming languages like PHP or Python doesn’t seem to be very slow.
I think there should be a workaround to make the performance better.

@chheunpheara

Does hashing take ~20 sec, or saving it into the database?

20 sec is a little bit too long. Super simplified: the longer it takes, the safer your users are.
But also, the longer it takes, the more you are exposed to DDoS attacks if you don’t have any protection.

Also, there is a bcrypt configuration inside config/hash.js:

  bcrypt: {
    rounds: 10
  },

You can increase or decrease rounds based on your server’s performance.