
Password hashing with bcrypt in FastAPI - Performance & Optimization

Performance: Password hashing with bcrypt
MEDIUM IMPACT
This affects server response time and user experience during authentication by adding CPU work for hashing passwords securely.
Hashing user passwords securely during signup or login
```python
import bcrypt

password = b"user_password"
# rounds is the bcrypt cost factor (work = 2**rounds); 12 is the recommended setting here
hashed = bcrypt.hashpw(password, bcrypt.gensalt(rounds=12))
```
Higher cost factor increases CPU time to slow down brute force attacks, improving security.
📈 Performance Gain: adds ~100-200ms CPU time per hash, balancing security and user wait time
Hashing user passwords securely during signup or login
```python
import bcrypt

password = b"user_password"
# rounds=4 is the pattern to avoid: fast to compute, and equally fast for an attacker to guess against
hashed = bcrypt.hashpw(password, bcrypt.gensalt(rounds=4))
```
Using a very low cost factor (rounds=4) makes hashing fast but weakens security, risking password cracking.
📉 Performance Cost: fast hashing, minimal CPU load, but poor security
Performance Comparison
| Pattern | CPU Load | Blocking | Security Strength | Verdict |
|---|---|---|---|---|
| Low cost factor (rounds=4) | Low CPU | Minimal blocking | Weak security | [X] Bad |
| Recommended cost factor (rounds=12) | Medium CPU | Moderate blocking | Strong security | [OK] Good |
| Synchronous verification | Medium CPU | Blocks event loop | Strong security | [X] Bad |
| Asynchronous verification | Medium CPU | Non-blocking | Strong security | [OK] Good |
Rendering Pipeline
Password hashing with bcrypt happens on the server side before sending any response, so it does not affect browser rendering directly but impacts server response time.
Server CPU processing
Response time
⚠️ Bottleneck: CPU-intensive hashing step delays response generation
Optimization Tips
1. Use a bcrypt cost factor that balances security and acceptable server response time (commonly 12).
2. Perform bcrypt hashing and verification asynchronously to avoid blocking the server event loop.
3. Avoid very low cost factors that speed up hashing but reduce password security.
Performance Quiz - 3 Questions
Test your performance knowledge
What is the main performance cost of using bcrypt for password hashing in a FastAPI app?
A. Increased network bandwidth
B. More memory usage on client browser
C. CPU time spent hashing passwords
D. Longer database query times
DevTools: Network and Performance panels
How to check: Use Network panel to measure server response time; use Performance panel to record and analyze server-side delays if possible with backend profiling tools.
What to look for: Look for increased server response time during login/signup requests indicating bcrypt hashing cost; check if UI is blocked waiting for response.