Closed drighart closed 11 months ago
There's already a configuration for overriding the hashing algorithm: https://lucia-auth.com/basics/configuration/#passwordhash
This is a limitation of Cloudflare Workers not Lucia and making it less resource intensive is not a viable option security wise
Package
lucia-auth
Describe the bug
The create user method creates an user based on username/email and password. The password is send to the backend where it is hashed and the hash is stored in the database (This is also best practise).
In my case we are deploying the 'backend' on Cloudflare using Workers (using the cloudflare adapter). Calculating the hash takes to much time for the worker and the worker timed-out. For now, I adjusted some parameters to test it is working (and it is). However, it is not a durable solution.
The
utils
folder contains the filecrypto.js
and contains the code:The code above I have already adjusted (not sure if the hash is secure enough).
Possible solutions:
Thx, David