Node.jsframework~8 mins

Password hashing with bcrypt in Node.js - Performance & Optimization

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Performance: Password hashing with bcrypt

MEDIUM IMPACT

This affects server response time during user authentication and registration due to CPU-intensive hashing.

Hashing user passwords securely during signup

Node.js

const bcrypt = require('bcrypt');

async function hashPassword(password) {
  const saltRounds = 12; // recommended secure level
  return await bcrypt.hash(password, saltRounds);
}

Higher salt rounds increase CPU work, making hashes slower but much more secure.

📈 Performance Gainstrong security with acceptable CPU cost; prevents brute force attacks

Hashing user passwords securely during signup

Node.js

const bcrypt = require('bcrypt');

async function hashPassword(password) {
  const saltRounds = 4; // very low
  return await bcrypt.hash(password, saltRounds);
}

Using very low salt rounds weakens security and may encourage faster but unsafe hashing.

📉 Performance Costfast hashing but insecure, risking data breaches

Performance Comparison

Pattern	CPU Load	Event Loop Blocking	Response Delay	Verdict
Low salt rounds (e.g., 4)	Low CPU	No blocking	Fast response	[!] OK but insecure
Recommended salt rounds (e.g., 12)	High CPU	No blocking if async	Moderate delay (~100ms)	[OK] Secure and performant
Synchronous bcrypt calls	High CPU	Blocks event loop	Delays all requests	[X] Bad for server responsiveness

Rendering Pipeline

bcrypt hashing runs on the server CPU and does not affect browser rendering pipeline directly but impacts server response time.

→Server CPU processing

→Response time

⚠️ BottleneckCPU-intensive hashing delays server response

Optimization Tips

1Use asynchronous bcrypt methods to avoid blocking the Node.js event loop.

2Balance salt rounds to ensure strong security without excessive CPU delay.

3Avoid synchronous bcrypt calls in production to keep server responsive.

Performance Quiz - 3 Questions

Test your performance knowledge

What is the main performance impact of using bcrypt with high salt rounds?

AIncreased network bandwidth usage

BIncreased browser rendering time

CIncreased CPU usage causing slower server responses

DIncreased database query time

DevTools: Node.js Profiler or Chrome DevTools Performance panel (remote debugging)

How to check: Record CPU profile during login/signup requests; look for bcrypt hashing functions duration and event loop blocking

What to look for: Long CPU tasks blocking event loop indicate synchronous bcrypt usage; async usage shows shorter blocking times