Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
NodeJS BCRYPT cost calculator
/**
* Password BCRYPT Hash Cost Calculator for NodeJS
*
* Just upload this script to your server and run it.
*
* You should choose a cost that will take at least 100ms (500ms preferably)
*
* Uses bcrypt.js from https://github.com/dcodeIO/bcrypt.js
*/
const { performance } = require('perf_hooks');
const bcrypt = require('bcryptjs');
// Upper time limit to check
const upperTimeLimit = 1000;
const password = 'this_is_just_a_long_string_to_test_on_U8WNZqmz8ZVBNiNTQR8r';
console.log(`\nPassword BCRYPT Hash Cost Calculator\n`);
console.log(`We're going to run until the time to generate the hash takes longer than ${upperTimeLimit}ms`);
var cost = 3;
var first_cost_above_100 = null;
var first_cost_above_500 = null;
var time, start, stop;
// Force bcrypt lib to init itself on first run (to not skew results)
bcrypt.hashSync(password, 0);
do {
cost++;
process.stdout.write(`Testing cost value of ${cost}:`);
start = performance.now();
bcrypt.hashSync(password, cost);
stop = performance.now();
time = stop - start;
console.log(`... took ${time}ms`);
if (first_cost_above_100 === null && time > 100) {
first_cost_above_100 = cost;
} else if (first_cost_above_500 === null && time > 500) {
first_cost_above_500 = cost;
}
} while (time < upperTimeLimit);
console.log(`\nYou should use a cost between ${first_cost_above_100} and ${first_cost_above_500}`);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment