lucia-auth / lucia

Authentication, simple and clean
https://lucia-auth.com
MIT License

[Bug]: Cloudflare worker timed out due to calculating hash #1245

Closed drighart closed 11 months ago

drighart commented 11 months ago

Package

lucia-auth

Describe the bug

The create user method creates a user based on username/email and password. The password is sent to the backend where it is hashed and the hash is stored in the database (this is also best practice).

In my case we are deploying the 'backend' on Cloudflare using Workers (using the cloudflare adapter). Calculating the hash takes too much time for the worker and the worker timed out. For now, I adjusted some parameters to test it is working (and it is). However, it is not a durable solution.

The utils folder contains the file crypto.js, which contains the code:

const hashWithScrypt = async (s, salt, blockSize = 16) => {
    const keyUint8Array = await scrypt(new TextEncoder().encode(s), new TextEncoder().encode(salt), {
        N: 1024,
        r: blockSize,
        p: 1,
        dkLen: 32
    });
    return convertUint8ArrayToHex(keyUint8Array);
};

The code above I have already adjusted (not sure if the hash is secure enough).

Possible solutions:

Thx, David

pilcrowonpaper commented 11 months ago

There's already a configuration for overriding the hashing algorithm: https://lucia-auth.com/basics/configuration/#passwordhash

This is a limitation of Cloudflare Workers, not Lucia, and making it less resource intensive is not a viable option security-wise.
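
Added example, not part of the thread and not Lucia's code: a Node.js sketch that puts numbers on the trade-off discussed above by computing the memory and relative work of the scrypt parameters posted in the issue. The `REFERENCE_PARAMS` yardstick (OWASP's published scrypt minimum), the function names and the sample password and salt are assumptions introduced here.

```javascript
const { scryptSync, timingSafeEqual } = require("node:crypto");

// Parameters exactly as posted in the issue (already lowered by the reporter).
const ISSUE_PARAMS = { N: 1024, r: 16, p: 1, dkLen: 32 };
// Assumption: OWASP's minimum scrypt setting, used only as a yardstick.
const REFERENCE_PARAMS = { N: 2 ** 17, r: 8, p: 1, dkLen: 32 };

// RFC 7914: the main buffer is 128 * N * r bytes, plus 128 * r * p for the blocks.
function scryptMemoryBytes({ N, r, p }) {
  return 128 * N * r + 128 * r * p;
}

// Running time scales with N * r * p, so this ratio approximates how much
// cheaper one password guess is under `a` than under `b`.
function relativeWork(a, b) {
  return (a.N * a.r * a.p) / (b.N * b.r * b.p);
}

function hashPassword(password, salt, params) {
  const { N, r, p, dkLen } = params;
  // Node rejects the call if the estimate exceeds maxmem (32 MiB by default).
  const maxmem = 2 * scryptMemoryBytes(params);
  return scryptSync(password, salt, dkLen, { N, r, p, maxmem }).toString("hex");
}

// Constant-time comparison of the recomputed hash with the stored one.
function verifyPassword(password, salt, params, expectedHex) {
  const actual = Buffer.from(hashPassword(password, salt, params), "hex");
  const expected = Buffer.from(expectedHex, "hex");
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// Average wall-clock time per hash on this machine, plus memory in MiB.
function measure(params, runs = 3) {
  const start = process.hrtime.bigint();
  for (let i = 0; i < runs; i++) {
    hashPassword("constructed-password", "constructed-salt", params);
  }
  const ms = Number(process.hrtime.bigint() - start) / 1e6 / runs;
  return { ms, memoryMiB: scryptMemoryBytes(params) / 2 ** 20 };
}

function report() {
  console.log("issue params:", measure(ISSUE_PARAMS));
  console.log("work relative to yardstick:", relativeWork(ISSUE_PARAMS, REFERENCE_PARAMS));
}

report();
```

Passing `REFERENCE_PARAMS` to `measure` shows the cost the runtime would have to absorb per login; timings are machine-specific and do not predict a Worker's CPU accounting.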