Cryptography is a fascinating topic worthy of many fantastic books! See: http://amzn.to/cthr46

"*Speed is exactly what you don’t want in a password hash function.*" ~ Thomas Ptacek

Using bcrypt means there is a "work factor" for computing the hash of each password. Each increment in work-factor (beyond 8) roughly doubles the amount of time required to compute the hash.

```js
// "cost" | ms required
{
  '1' : '27ms',
  '2' : '27ms',
  '3' : '27ms',
  '4' : '27ms',
  '5' : '28ms',
  '6' : '28ms',
  '7' : '28ms',
  '8' : '32ms',
  '9' : '65ms',
  '10': '120ms',
  '11': '226ms',
  '12': '447ms', // sweet spot for web apps (page/API response under 1 sec)
  '13': '914ms',
  '14': '1810ms',
  '15': '3673ms',
  '16': '7634ms',
  '17': '15449ms',
  '18': '28531ms',
  '19': '51857ms',
  '20': '98165ms' // 98 seconds
}
```

- Core Crypto: http://nodejs.org/api/crypto.html
- bcrypt: https://www.npmjs.com/package/bcrypt
- bcrypt.js: https://github.com/dcodeIO/bcrypt.js
- scrypt: https://www.npmjs.com/package/scrypt
- js-scrypt: https://www.npmjs.com/package/js-scrypt (mostly borrowed from: https://code.google.com/p/javascript-bcrypt/)
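
An added example (not part of the original page or of any bcrypt library): using the timings from the work-factor table above, it picks the highest cost that fits a latency budget and flags stored hashes whose embedded cost is lower, so they can be re-hashed at the next successful login. The function names, the 500 ms budget and the sample hash string are assumptions constructed for illustration.

```javascript
'use strict';

// Timings (ms) copied from the work-factor table on this page.
const MEASURED_MS = { 8: 32, 9: 65, 10: 120, 11: 226, 12: 447, 13: 914, 14: 1810 };

// Highest measured cost whose hashing time fits the latency budget.
function pickCost(timings, budgetMs) {
  const fitting = Object.entries(timings)
    .filter(([, ms]) => ms <= budgetMs)
    .map(([cost]) => Number(cost));
  if (fitting.length === 0) throw new RangeError('no measured cost fits the budget');
  return Math.max(...fitting);
}

// Extrapolate to an unmeasured cost using the "each increment doubles" rule.
function estimateMs(cost, knownCost, knownMs) {
  return knownMs * 2 ** (cost - knownCost);
}

// A bcrypt hash string is "$2a$", "$2b$" or "$2y$", a two-digit cost, "$",
// then 53 characters (22 of salt, 31 of digest) in bcrypt's base64 alphabet.
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[.\/A-Za-z0-9]{53}$/;

// Read the cost that was used when a stored hash was created.
function costOf(hash) {
  const m = BCRYPT_RE.exec(hash);
  if (!m) throw new TypeError('not a bcrypt hash string');
  return Number(m[1]);
}

// True when a stored hash was made with a lower cost than the current target,
// i.e. it should be re-hashed once the user next supplies the correct password.
function needsRehash(storedHash, targetCost) {
  return costOf(storedHash) < targetCost;
}

// Constructed placeholder with the right shape; not a real salt or digest.
const SAMPLE_OLD_HASH = '$2b$10$' + 'x'.repeat(53);

const target = pickCost(MEASURED_MS, 500);
console.log(target, needsRehash(SAMPLE_OLD_HASH, target), estimateMs(15, 12, 447));
```

The table's timings come from one machine, so the cost should be re-measured on the hardware that will actually verify logins before a target is fixed.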

This is a huge and fascinating topic; don't skip the background (general) reading if you are serious about understanding security!

- Basic Principles: http://www.thegeekstuff.com/2012/07/cryptography-basics/
- Comprehensive intro: http://www.ciphersbyritter.com/LEARNING.HTM
- CS255: Introduction to Cryptography (Stanford Course): https://crypto.stanford.edu/~dabo/cs255/
- Cryptography: An Introduction (3rd Edition Full Book PDF): http://www.cs.umd.edu/~waa/414-F11/IntroToCrypto.pdf
- How To Safely Store A Password: http://codahale.com/how-to-safely-store-a-password/
- Securing Passwords: http://www.securityfocus.com/blogs/262
- Proof of Work: https://en.wikipedia.org/wiki/Proof-of-work_system
- Cryptographic hash function: http://en.wikipedia.org/wiki/Cryptographic_hash_function
- Asymptotic analysis: http://en.wikipedia.org/wiki/Asymptotic_analysis
- Bcrypt: http://en.wikipedia.org/wiki/Bcrypt
- Blowfish: http://en.wikipedia.org/wiki/Blowfish_(cipher)
- Scrypt: https://en.wikipedia.org/wiki/Scrypt
- The Lazy Programmer's Guide to Secure Computing: http://youtu.be/eL5o4PFuxTY?t=1m3s