bcrypt Password Hashing
Hash and verify passwords securely using bcrypt with configurable salt rounds for Node.js applications.
Claude Code Cursor Copilot Windsurf Gemini CLI Codex
Overview
bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. The node.bcrypt.js library provides native C++ bindings for bcrypt in Node.js, delivering high-performance password hashing with automatic salt generation and configurable work factors.
The work factor (salt rounds) parameter controls the computational cost of hashing. Each increment doubles the time required, allowing you to scale security as hardware improves. A work factor of 10-12 is commonly recommended for production use, balancing security against response time. The library handles salt generation automatically, embedding the salt in the hash output.
bcrypt is specifically designed for password hashing, unlike general-purpose hash functions like SHA-256. Its intentional slowness and built-in salt make it resistant to rainbow table attacks, brute force attacks, and GPU-accelerated cracking. The library provides both synchronous and asynchronous APIs, with the async version recommended for server applications to avoid blocking the event loop.
Who Is This For?
- Hash user passwords before storing in a database
- Verify passwords during login authentication
- Migrate from MD5/SHA password hashing to bcrypt
- Implement password change with old password verification
Installation
Setup for Claude Code
npm install bcrypt && npm install -D @types/bcrypt
Configuration
import bcrypt from "bcrypt"
const SALT_ROUNDS = 12
// Hash a password
const hash = await bcrypt.hash(plainPassword, SALT_ROUNDS)
// Verify a password
const isMatch = await bcrypt.compare(plainPassword, hash)
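The Overview notes that the salt and work factor are embedded in the hash output and that the work factor should rise as hardware improves. The following added example (not part of this skill or of the bcrypt library) parses a stored hash to decide whether it should be rehashed, and checks bcrypt's 72-byte input limit; the function names and the sample hash are constructed for illustration.

```javascript
// Added example: inspects stored hash strings only, so no bcrypt dependency is needed.
// bcrypt output layout (60 chars): $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Returns the parsed fields, or null when the string is not a bcrypt hash
// (for example a legacy MD5/SHA hex digest awaiting migration).
function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // outside bcrypt's valid cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// True when the stored value is a legacy format or was hashed with a
// lower work factor than the current target.
function needsRehash(stored, targetCost) {
  const parsed = parseBcryptHash(stored);
  return parsed === null || parsed.cost < targetCost;
}

// bcrypt only processes the first 72 bytes of the password, so longer
// inputs that share a 72-byte prefix verify as equal. Count bytes, not
// characters: multi-byte UTF-8 reaches the limit sooner.
function exceedsBcryptInputLimit(password) {
  return Buffer.byteLength(password, "utf8") > 72;
}

// Constructed placeholder with the right shape (not a real hash).
const SAMPLE_HASH =
  "$2b$10$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234";

console.log(parseBcryptHash(SAMPLE_HASH));
console.log("rehash at cost 12:", needsRehash(SAMPLE_HASH, 12));
console.log("over 72 bytes:", exceedsBcryptInputLimit("é".repeat(40)));
```

Call needsRehash only after the submitted password has verified against the stored value, then store a fresh bcrypt.hash of that password at the current SALT_ROUNDS.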