search

ericelliott / credential

Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.
MIT License
348 stars 28 forks source link

the 'verify' function takes too much time, about 1.3 seconds #84

Closed changchengqin closed 5 years ago

changchengqin commented 5 years ago

the 'verify' function takes too much time, about 1.3 seconds

ericelliott commented 5 years ago

In general, hard computational work is an intentional and essential security feature. That's what supplies security against password crackers. If your system can't handle it in reasonable time, either use a faster system for verification or delegate authorization to a service like Google Firebase or Auth0.

Degrading the work time to make it faster would be irresponsible.

There is an open issue which may have a positive impact on performance. You're welcome to contribute to it if the suggestions help.

changchengqin commented 5 years ago

thank you.