

What advanced authentication methods does Bun use


Bun's Advanced Authentication Methods

Bun provides a built-in `Bun.password` API for securely hashing and verifying passwords. Its main features are:

1. Secure Hashing Algorithms

Bun supports two secure password hashing algorithms out of the box:

- Argon2id (default) - A memory-hard password hashing function that is resistant to GPU cracking attacks and side-channel attacks
- Bcrypt - A widely-used adaptive hash function based on the Blowfish symmetric-key algorithm

Both algorithms are configured with secure default parameters that can be customized if needed[3][5].

2. Unique Salts

A unique, random salt is automatically generated for each password hash to protect against rainbow table attacks. The salt is securely combined with the password before hashing[3][5].

3. Verification Functions

Bun includes the `Bun.password.verify()` and `Bun.password.verifySync()` functions to check whether a plaintext password matches a stored hash, without the caller needing to re-hash the password and compare the results by hand. This prevents timing attacks[3][5].

4. Compatibility Encoding

Argon2 hashes are encoded in the PHC string format, while bcrypt hashes use the Modular Crypt Format for compatibility with existing bcrypt implementations[5].
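Because both encodings carry the algorithm and its cost parameters, stored hashes can be audited without the plaintext. The following added example (not from the original page or the Bun project) parses both formats and flags hashes below an assumed cost policy; `parseStoredHash`, `needsRehash`, the `POLICY` thresholds and the sample hashes are hypothetical names and constructed values.

```javascript
// Added example, not Bun's own code: audit stored password hash strings.
// POLICY thresholds and both sample hashes are constructed for illustration.
const POLICY = { argon2MemoryKiB: 19456, argon2Time: 2, bcryptCost: 10 };
const SAMPLE_ARGON2 = "$argon2id$v=19$m=65536,t=2,p=1$c2FsdHNhbHRzYWx0$Y29uc3RydWN0ZWRkaWdlc3Q";
const SAMPLE_BCRYPT = "$2b$08$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234";
const B64 = /^[A-Za-z0-9+/]+$/; // PHC fields use base64 without '=' padding

function parseStoredHash(stored) {
  if (typeof stored !== "string") throw new TypeError("hash must be a string");

  // Modular Crypt Format: $2b$<2-digit cost>$<22-char salt><31-char digest>
  const mcf = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/.exec(stored);
  if (mcf) return { algorithm: "bcrypt", variant: mcf[1], cost: Number(mcf[2]) };

  // PHC string format: $argon2id$v=19$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<hash>
  const f = stored.split("$");
  if (f[0] !== "" || !/^argon2(id|i|d)$/.test(f[1] ?? "")) {
    throw new Error("unrecognised hash encoding");
  }
  const hasVersion = /^v=\d+$/.test(f[2] ?? "");
  const [paramField, salt, digest] = f.slice(hasVersion ? 3 : 2);
  if (f.length !== (hasVersion ? 6 : 5) || !B64.test(salt) || !B64.test(digest)) {
    throw new Error("malformed PHC string");
  }
  const params = {};
  for (const kv of paramField.split(",")) {
    const m = /^([mtp])=([1-9]\d*)$/.exec(kv);
    if (!m || m[1] in params) throw new Error("malformed Argon2 parameters");
    params[m[1]] = Number(m[2]);
  }
  if (!("m" in params && "t" in params && "p" in params)) {
    throw new Error("missing Argon2 parameters");
  }
  return {
    algorithm: f[1],
    version: hasVersion ? Number(f[2].slice(2)) : null, // null when the v= field is absent
    memoryKiB: params.m, timeCost: params.t, parallelism: params.p,
  };
}

// True when the hash should be regenerated at the user's next successful login.
function needsRehash(stored, policy = POLICY) {
  const h = parseStoredHash(stored);
  if (h.algorithm === "bcrypt") return h.cost < policy.bcryptCost;
  return h.algorithm !== "argon2id"
    || h.memoryKiB < policy.argon2MemoryKiB
    || h.timeCost < policy.argon2Time;
}
```

A rehash can only happen at login, when the plaintext is available: verify first, then store a fresh hash if `needsRehash` returned true.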

In summary, Bun's built-in password hashing provides a convenient and secure way to manage passwords, following industry best practices like using strong algorithms, salting hashes, and providing verification functions. This helps developers build more secure applications without needing to implement complex password handling logic themselves.

Citations:
[1] https://www.onelogin.com/blog/advanced-authentication-the-way-forward
[2] https://github.com/zoelabbb/bunauth
[3] https://bun.sh/guides/util/hash-a-password
[4] https://www.strongdm.com/blog/authentication-methods
[5] https://bun.sh/blog/bun-v0.6.8
[6] https://dev.to/harshmangalam/add-jwt-authentication-in-bun-api-488d
[7] https://github.com/oven-sh/bun/discussions/10335
[8] https://delinea.com/blog/20-password-management-best-practices