Home

hashSync

hashSync is a synchronous password hashing function provided by the bcrypt library for Node.js applications. It generates a cryptographically secure hash from a plain text password string by automatically producing a salt and combining it with the password using the Blowfish cipher-based hashing algorithm. The function accepts two parameters: the password to hash and a salt rounds value that determines the computational cost of generating the hash. Higher salt rounds increase security by slowing down brute-force attacks but require more processing time; 10-12 rounds are generally recommended for modern systems.

Unlike its asynchronous counterpart hash, hashSync blocks the event loop until the hashing operation completes, making

Security best practices recommend never storing plain text passwords and always using a unique salt per password,

it
suitable
only
for
infrequent
operations
such
as
initializing
administrative
accounts
or
infrequent
password
changes
during
application
setup.
For
regular
user
authentication
flows,
the
asynchronous
version
is
strongly
preferred
to
maintain
application
responsiveness.
The
function
returns
the
hash
as
a
single
string
that
includes
both
the
salt
and
the
hashed
password,
stored
in
a
modular
crypt
format
that
bcrypt
can
later
parse
during
verification
using
the
compare
or
compareSync
functions.
This
self-contained
format
ensures
proper
salt
storage
without
requiring
separate
database
fields.
which
bcrypt
handles
automatically.
While
hashSync
offers
simplicity
for
scripts
and
infrequent
operations,
developers
should
carefully
consider
the
blocking
nature
of
synchronous
cryptography
in
server
environments
to
prevent
performance
degradation
under
load.