Resolve "RFC: bcrypt hashing cost factor" (!14) · Merge requests · pubsweet / pubsweet-server · GitLab

This is an archived project. Repository and other project resources are read-only.

Alf Eaton requested to merge 4-bcrypt into master Jan 24, 2017

Switch from bcryptjs to bcrypt
Use 12 rounds of password hashing

Closes #4

Unscientific benchmark - time to run user_test.js

cost	bcryptjs	bcrypt
1	2.5s	2.5s
10	4.7s	3.2s
12	9.4s	4.9s
15	43s	22s

TODO: switch to asynchronous hashing, so the server isn't blocked while a password is being hashed.