DEV Community

loading...

Discussion on: Is it still safe for large production applications with a large user base to use bcrypt as the password hashing algorithm ?

Collapse
andreanidouglas profile image
Douglas R Andreani

The problem with bcrypt is that, it's very secure if you know what you are doing. Select the wrong parameters and you can screw everything.
On the other hand, newer implementations will not allow you to selece insecure hashes and being easier to use.

Collapse
nijeesh4all profile image
Nijeesh Joshy Author

SO there is no need for changing it if i am using the bcrypt out of a std library like device for rails or passport for node ?

Collapse
andreanidouglas profile image
Douglas R Andreani

I can't guarantee you that. You should read to understand best practices to use bcrypt and make sure you are following all of them.