Could you use browserify to require node-bcrypt client-side and then send the hash to the server?

Could you use browserify to require node-bcrypt client-side and then send the hash to the server?

Does this just sou开发者_StackOverflownd really awesome or could it actually provide more security then passing plaintext to the server over SSL? What if we are passing the plaintext via websockets?

Thanks!

node-bcrypt depends on native OpenSSL support. In its current configuration, it won't work in the browser. According to this question, there are no pure javascript implementations of bcrypt, but blowfish, a similar algorithm, does have pure javascript implementations.

For question 2, stick with the standard of TLS (via HTTPS) for your end-to-end encryption. Chances that your functional requirements require something custom are pretty slim.