docs: add Argon2 password hashing example (#6688)

Saviru
2025-12-11 12:15:53 +05:30
committed by github-actions[bot]
parent 5bfe62f180
commit 3cb5ded4c7


@@ -327,21 +327,47 @@ Better Auth stores passwords inside the `account` table with `providerId` set to
**Password Hashing**: Better Auth uses `scrypt` to hash passwords. The `scrypt` algorithm is designed to be slow and memory-intensive to make it difficult for attackers to brute force passwords. OWASP recommends using `scrypt` if `argon2id` is not available. We decided to use `scrypt` because it's natively supported by Node.js.
You can pass custom password hashing algorithm by setting `passwordHasher` option in the `auth` configuration.
You can pass custom password hashing algorithm by setting `password` option in the `emailAndPassword` configuration.
**Example**
Here's an example of customizing the password hashing to use Argon2:
```ts title="password.ts"
import { hash, type Options, verify } from "@node-rs/argon2";
const opts: Options = {
memoryCost: 65536, // 64 MiB
timeCost: 3, // 3 iterations
parallelism: 4, // 4 lanes
outputLen: 32, // 32 bytes
algorithm: 2, // Argon2id
};
export async function hashPassword(password: string) {
const result = await hash(password, opts);
return result;
}
export async function verifyPassword(data: { password: string; hash: string }) {
const { password, hash } = data;
const result = await verify(hash, password, opts);
return result;
}
```
```ts title="auth.ts"
import { betterAuth } from "better-auth"
import { scrypt } from "scrypt"
import { betterAuth } from "better-auth";
import { hashPassword, verifyPassword } from "./password";
export const auth = betterAuth({
emailAndPassword: {
//...rest of the options
emailAndPassword: {
password: {
hash: // your custom password hashing function
verify: // your custom password verification function
}
}
})
enabled: true,
password: {
hash: hashPassword,
verify: verifyPassword,
},
},
});
```
<TypeTable
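Review bot: The new Argon2 example does not say what happens to accounts whose passwords were already stored with the default `scrypt` hasher. Once `password.verify` is replaced by `verifyPassword`, those stored values are handed to Argon2 `verify`, which presumably rejects or throws on a non-Argon2 string, so existing users may be unable to sign in. A sentence after the `auth.ts` block would cover it, for example `Changing the hasher does not re-hash existing passwords: keep verifying old scrypt hashes and re-hash on the next successful sign-in, or require a password reset.` As a readability point, the destructured `hash` in `verifyPassword` shadows the imported `hash` function; `const { password, hash: storedHash } = data;` followed by `verify(storedHash, password, opts)` avoids the ambiguity for readers who copy the snippet.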