Facebook Pixel

Do I need to store the bcrypt salt separately?

No. bcrypt stores the salt inside the hash. You only store the hash. bcrypt.compare extracts the salt automatically when verifying.

Verify This Answer

Cross-check this information using these trusted sources:

More FAQs in How to Hash Passwords in Node.js With bcrypt

Use bcrypt. const hashed = await bcrypt.hash(password, 10). The second argument is salt rounds; 10 is a good default. Verify with bcrypt.compare(password, hash). Hash in a pre('save') Mongoose hook or in the controller.

bcrypt is designed for passwords. It is slow on purpose (so brute-forcing hashes is expensive) and has a salt built in (so two users with the same password get different hashes). It is the standard choice.

10 is a good default. It takes about 100ms on a modern CPU. Higher is slower (safer against brute force); lower is faster (weaker). For high-security apps, use 12. For most apps, 10 is fine.

Still have questions?

Browse all our FAQs or reach out to our support team

Want to upskill yourself?

Our courses are taking a Coffee break, but your curiosity shouldn't. Stay engaged with namastedev linkedin, youtube, discord and other resources while you wait.

0
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.