-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
the Model. authenticate() isn't optimize it takes too much time to execute! #308
Comments
Hi, I'm not related to this project btw |
hmm, I'm not totally related either, but, i know that for modern password hash algorithms like bcrypt, taking a certain amount of time is a feature, not a bug, as it makes brute force attempts more difficult. they also have a work factor that can be used to turn up the amount of work required over time as computers get faster. I don't know if this is related to that or not - it seems like an authenticate call should only have to hash the user's input once, and then see if there's a matching hash in the database. I haven't looked at the authenticate call to see how exactly it works tho. |
Hey everyone,
I have an express application in production, i use passport, passport local and
passport-local-mongoose to handle the authentication strategy, unfortunately the login api take to much time to respond when there is more than 200 users at once’s, it goes more than 30 secondes ... . After hours of debugging i found that the problem is coming from the authenticate() method! I think that the password comparison algorithm isn't optimized.
thanks.
Maher
The text was updated successfully, but these errors were encountered: