User Story: Increase bcrypt cost factor in src/javascript/backend/auth/authentication.js #84

@aliAljaffer

As a developer
I want to use a stronger bcrypt cost factor when hashing passwords in src/javascript/backend/auth/authentication.js
So that user passwords are hashed with sufficient work factor to resist brute-force attacks

Acceptance Criteria

  • Replace bcrypt.hash(password, 8) with a configurable, stronger cost (e.g. 12 or higher) or use an environment-configured value.
  • Add a comment explaining why the chosen cost is appropriate and how to tune it.
  • Run a basic test demonstrating hashing and verification still succeed.

Details
Found: const hashedPassword = await bcrypt.hash(password, 8); (insufficient rounds). This is a security weakness in the JS. Adjust the cost and make it configurable.
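One way to meet the "configurable cost" criterion, as an added example that is not code from this repository: the cost is read from an environment variable with a floor of 12, and stored hashes still at the old cost of 8 are detected so they can be re-hashed after a successful login. The names `BCRYPT_COST`, `resolveBcryptCost`, `costOfHash` and `needsRehash` are assumptions, and the sample hashes are constructed placeholders, not real bcrypt output.

```javascript
// Added example. BCRYPT_COST and all function names here are hypothetical.
const MIN_COST = 12; // floor taken from the issue ("12 or higher")
const MAX_COST = 31; // upper bound of the bcrypt cost parameter

// bcrypt does 2^cost key-expansion rounds, so each +1 doubles hashing time.
// To tune: time one hash on production hardware and pick the highest cost
// that keeps login latency acceptable.
function resolveBcryptCost(env = process.env) {
  const raw = env.BCRYPT_COST;
  if (raw === undefined || raw === '') return MIN_COST;
  if (!/^\d+$/.test(raw)) {
    throw new Error(`BCRYPT_COST must be an integer, got "${raw}"`);
  }
  const cost = Number(raw);
  // Fail at startup rather than silently hashing with a weak setting.
  if (cost < MIN_COST || cost > MAX_COST) {
    throw new Error(`BCRYPT_COST must be ${MIN_COST}..${MAX_COST}, got ${cost}`);
  }
  return cost;
}

// Modular crypt format: $2a$ / $2b$ / $2y$, a two-digit cost, then
// 53 characters of salt and digest.
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

// Returns the cost embedded in a stored hash, or null if it is not bcrypt.
function costOfHash(hash) {
  const m = BCRYPT_RE.exec(hash);
  return m ? Number(m[1]) : null;
}

// True when a stored bcrypt hash was made with a lower cost than the target.
// Call after the password has verified, then store a fresh hash at targetCost.
// Unrecognized values return false and are left for the caller to handle.
function needsRehash(hash, targetCost) {
  const cost = costOfHash(hash);
  return cost !== null && cost < targetCost;
}

// Constructed placeholders with the right shape (not real hashes).
const LEGACY_HASH = '$2b$08$' + 'a'.repeat(53);
const CURRENT_HASH = '$2b$12$' + 'a'.repeat(53);
```

Raising the cost only affects newly created hashes, so existing rows keep cost 8 until `needsRehash` triggers a re-hash on the user's next successful login.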

Labels

  • buggy-file: Files that are intentionally buggy or broken
  • needs-review: Needs human review
  • security: Security related issues
