TTC
Theo's Typesafe Cult6mo ago
not sam

Password hashing on Edge

Normally if we are using supabase or firebase, it handles all the auth for us, but if we are implementing our own, then how do we hash the password on edge? Most algorithms such as bcrypt, argon2 or scrypt requires some sort of node-specific api (when using the js library) and some such as fs or path is not exposed on vercel. Or Is it better to use passwordless auth?
2 Replies
Porto
Porto6mo ago
Edge is based on the web standard so you can just use the Web Crypto API: https://developer.mozilla.org/en-US/docs/Web/API/Crypto Here is a Vercel example running crypto in a middleware at the edge: https://github.com/vercel/examples/blob/main/edge-middleware/crypto/pages/api/crypto.ts
MDN Web Docs
Crypto - Web APIs | MDN
The Crypto interface represents basic cryptography features available in the current context. It allows access to a cryptographically strong random number generator and to cryptographic primitives.
GitHub
examples/edge-middleware/crypto/pages/api/crypto.ts at main · verce...
Enjoy our curated collection of examples and solutions. Use these patterns to build your own robust and scalable applications. - vercel/examples
not sam
not sam6mo ago
thank you for the examples, however crypto api only provides SHA and PBKDF2 hash functions which is not the best compared to bcrypt/argon2. Many libraries are built on top of the crypto api to provide a more secure hashing function. While crypto api is indeed exposed on vercel, other libraries that are built on top on crypto (such as oslo, argon2, bcrypt) requires additional node apis that are not exposed on vercel. That being said, I am not really sure how insecure is SHA compared to other algorithms and whether I should use it or nnot.
Want results from more Discord servers?
Add your server
More Posts
Sign-in issueThe option to sign in using github is not loadingWhat are some of the most simple database products to get started with?I'm trying to start a new project and I see Theo often recoemnds cool new technologies that really sWhy do I have to delete everything when creating a new project using t3?I had just cloned an empty project from GitLab and wanted to use t3. But it keeps on telling me to dLoading UI not showinghey folks I'm using the T3 stack with app router I'm fetching some data and on the basis of data I'mServer Side Rendering & TRPC Router / Client CodeHey guys I'm using t3 stack and trying to load data server side with hydration/dehydration - not surnextjs hooksi am new to next js and i created a simple cource website and this is the error i am facing while Genius ask the Java problem question in Typescript relate serverI currently learning JAVA, so i rewriting my old JS algorithm from leetcode to practice JAVA. the prProblem with react-hook-formso basically my form is submitting only one time after that i need to reload the page so it will sub