您应该假设攻击者拥有最快的实现方式，并且希望通过合理地增加计算成本来减慢攻击者的速度.One of my projects is using the bcrypt module for hashing secrets. A handful of people complain that it's hard to install because of it's dependencies. I've tried to install it on a Windows Server before, it's not a walk in the park.People are asking me to use pure Javascript drop-in replacements such as dcodeIO/bcrypt.js and shaneGirish/bcrypt-nodejs. But I really don't know the security implications of using them. Are they just as reliable? 解决方案 Provided that these implementations are correct, you should use the fastest bcrypt available, which most likely means non-JS implementation.You should assume that an attacker has the most quickest implementation available, and you want to slow the attacker down by increasing the cost of computation as much as you reasonably can. 这篇关于bcrypt Node.js模块的安全性差异的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！