Echo JS 0.11.0


tracker1 1704 days ago. link 2 points
Nice intro to hashing and bcrypt library.  I've tended to favor pbkdf2 lately, mostly because it's "in the box" and has generally been a hard requirement (NIST recommended) for some of the work I do (government clients).

I would suggest considering going to 12 rounds over 10, if your deployment server can handle it.  It does become a potential DDoS attack vector if you aren't tracking/limiting failed attempts by user and IP.
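
The point above about tracking failed attempts by user and IP, as an added example that is not part of the comment or the linked article: a login check using Node's built-in `crypto.pbkdf2Sync`, with the limiter consulted before any hash is computed. `FailureLimiter`, `login`, the iteration count and the limits are assumptions chosen for illustration.

```javascript
const crypto = require('crypto');

// Assumed values for illustration; tune ITERATIONS to what your server can afford.
const ITERATIONS = 200000, KEYLEN = 32, DIGEST = 'sha256';

function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
  return { salt, hash, iterations: ITERATIONS };
}

function verifyPassword(password, rec) {
  const got = crypto.pbkdf2Sync(password, rec.salt, rec.iterations, rec.hash.length, DIGEST);
  return crypto.timingSafeEqual(got, rec.hash);
}

// Sliding-window count of failed logins per key ("user:alice", "ip:203.0.113.7").
class FailureLimiter {
  constructor(max = 5, windowMs = 15 * 60 * 1000) {
    this.max = max; this.windowMs = windowMs; this.failures = new Map();
  }
  recent(key, now) {
    const kept = (this.failures.get(key) || []).filter(t => now - t < this.windowMs);
    if (kept.length) this.failures.set(key, kept); else this.failures.delete(key);
    return kept.length;
  }
  blocked(keys, now) { return keys.some(k => this.recent(k, now) >= this.max); }
  recordFailure(keys, now) {
    for (const k of keys) this.failures.set(k, [...(this.failures.get(k) || []), now]);
  }
}

// Hashed for unknown usernames so they cost the same as known ones.
const DUMMY = hashPassword('dummy-password-never-matches');

function login(users, limiter, username, password, ip, now = Date.now()) {
  const keys = [`user:${username}`, `ip:${ip}`];
  // Check the limiter first: a blocked request never reaches the expensive hash.
  if (limiter.blocked(keys, now)) return 'blocked';
  const rec = users.get(username);
  const ok = verifyPassword(password, rec || DUMMY) && rec !== undefined;
  if (ok) { limiter.failures.delete(keys[0]); return 'ok'; } // keep the IP count
  limiter.recordFailure(keys, now);
  return 'denied';
}
```

A successful login clears only the per-user count, so one valid account cannot be used to reset the count for an IP address.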