Password hashing on Edge

Normally if we are using supabase or firebase, it handles all the auth for us, but if we are implementing our own, then how do we hash the password on edge? Most algorithms such as bcrypt, argon2 or scrypt requires some sort of node-specific api (when using the js library) and some such as fs or path is not exposed on vercel. Or Is it better to use passwordless auth?
2 Replies
Porto
Porto11mo ago
Edge is based on the web standard so you can just use the Web Crypto API: https://developer.mozilla.org/en-US/docs/Web/API/Crypto Here is a Vercel example running crypto in a middleware at the edge: https://github.com/vercel/examples/blob/main/edge-middleware/crypto/pages/api/crypto.ts
MDN Web Docs
Crypto - Web APIs | MDN
The Crypto interface represents basic cryptography features available in the current context. It allows access to a cryptographically strong random number generator and to cryptographic primitives.
GitHub
examples/edge-middleware/crypto/pages/api/crypto.ts at main · verce...
Enjoy our curated collection of examples and solutions. Use these patterns to build your own robust and scalable applications. - vercel/examples
not sam
not sam11mo ago
thank you for the examples, however crypto api only provides SHA and PBKDF2 hash functions which is not the best compared to bcrypt/argon2. Many libraries are built on top of the crypto api to provide a more secure hashing function. While crypto api is indeed exposed on vercel, other libraries that are built on top on crypto (such as oslo, argon2, bcrypt) requires additional node apis that are not exposed on vercel. That being said, I am not really sure how insecure is SHA compared to other algorithms and whether I should use it or nnot.
Want results from more Discord servers?
Add your server