This repository was archived by the owner on Apr 5, 2026. It is now read-only.
As a developer
I want to use a stronger bcrypt cost factor when hashing passwords in src/javascript/backend/auth/authentication.js
So that user passwords are hashed with sufficient work factor to resist brute-force attacks
Acceptance Criteria
Replace bcrypt.hash(password, 8) with a configurable, stronger cost (e.g. 12 or higher) or use an environment-configured value.
Add a comment explaining why the chosen cost is appropriate and how to tune it.
Run a basic test demonstrating hashing and verification still succeed.
Details
Found: const hashedPassword = await bcrypt.hash(password, 8); (insufficient rounds). This is a security weakness in the JS. Adjust the cost and make it configurable.
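One way to meet the "configurable, stronger cost" criterion, as an added example that is not code from this repository. The environment variable name `BCRYPT_COST`, the helper names, and the default of 12 are assumptions, and the sample hashes are constructed. It goes one step beyond the issue by also flagging hashes already stored at cost 8 so they can be re-hashed at the next successful login.

```javascript
// Added example; BCRYPT_COST, resolveCost, costOf and needsRehash are hypothetical names.
const MIN_COST = 12;     // floor taken from the issue ("12 or higher")
const MAX_COST = 31;     // largest cost the bcrypt hash format can encode
const DEFAULT_COST = 12; // assumed default when nothing is configured

// Resolve the cost from the environment. Each +1 doubles hashing time, so tune
// by measuring one hash on production hardware. Invalid or too-low values fail
// loudly instead of silently falling back to something weaker.
function resolveCost(env = process.env) {
  const raw = env.BCRYPT_COST;
  if (raw === undefined || raw === '') return DEFAULT_COST;
  if (!/^\d+$/.test(raw)) {
    throw new Error(`BCRYPT_COST must be an integer, got "${raw}"`);
  }
  const cost = Number(raw);
  if (cost < MIN_COST || cost > MAX_COST) {
    throw new Error(`BCRYPT_COST must be between ${MIN_COST} and ${MAX_COST}`);
  }
  return cost;
}

// Read the cost out of a stored hash: $2b$<cost>$<22-char salt><31-char digest>
function costOf(hash) {
  const m = /^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$/.exec(hash);
  if (!m) throw new Error('not a bcrypt hash');
  return Number(m[1]);
}

// True when a stored hash was created with a lower cost than the current target.
// Call this only after the password has verified, then re-hash and store.
function needsRehash(storedHash, targetCost) {
  return costOf(storedHash) < targetCost;
}

// Constructed sample hashes (correct structure only, not real credentials).
const SAMPLE_COST_8 = '$2b$08$' + 'a'.repeat(53);
const SAMPLE_COST_12 = '$2b$12$' + 'b'.repeat(53);

const target = resolveCost({ BCRYPT_COST: '12' });
console.log('target cost:', target);
console.log('cost-8 hash needs rehash:', needsRehash(SAMPLE_COST_8, target));
console.log('cost-12 hash needs rehash:', needsRehash(SAMPLE_COST_12, target));

// In authentication.js the call from the issue would then read:
//   const hashedPassword = await bcrypt.hash(password, resolveCost());
```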