# functions
- i
i40west
11/20/2022, 6:11 PMThere's a pure-Javascript bcrypt module called bcryptjs, but since it's pure JS it will need more CPU than you get on the free plan - i
i40west
11/20/2022, 6:11 PMThen there's stuff that's supported here: https://developers.cloudflare.com/workers/runtime-apis/web-crypto/ - s
Skye
11/20/2022, 6:12 PMLooks like https://github.com/cloudflare/next-on-pages/issues/1 will need to be resolved first - s
salutalice
11/20/2022, 6:14 PMIs it supported on paid plans ? - i
i40west
11/20/2022, 6:15 PMI haven't used it personally but others have, yes. I understand it takes a few hundred milliseconds - i
i40west
11/20/2022, 6:16 PMIf you try it on a free plan it should run and you can see how it works - i
i40west
11/20/2022, 6:16 PMyou don't automatically get killed when you hit the cpu limit so for a few requests it should work - s
salutalice
11/20/2022, 6:19 PMThanks I will take a look - z
zsmooth
11/20/2022, 6:42 PMDefinitely use the crypto stuff that’s built in, not the js bcrypt 🙂 - s
salutalice
11/20/2022, 6:46 PMbuilt in is just sha512 right ? - s
salutalice
11/20/2022, 6:46 PMis this oke to use for user data ? - i
i40west
11/20/2022, 6:50 PMI don't see why not, and it would be easier and faster and one less dependency - z
zsmooth
11/20/2022, 6:55 PMYou get a bunch of SHAs and MD5. Depends on your use case, but SHA512 should work for most things - w
Walshy | Pages
11/20/2022, 7:36 PMI appreciate the fix 🙂 Please keep them coming! - w
Walshy | Pages
11/20/2022, 7:47 PMSHA is not good for passwords - w
Walshy | Pages
11/20/2022, 7:47 PMBut for like integrity yes - s
salutalice
11/20/2022, 7:53 PMhow should I store and hash passwords with workers then, if they can't use « standards » like bcrypt ? - z
zsmooth
11/20/2022, 8:03 PMYeah i wasn’t thinking of passwords when i heard “hashing”. I’m don’t know if any of the web crypto algos CF gives you are appropriate… - z
zsmooth
11/20/2022, 8:05 PMMaybe this PBKDF2 (but see note at top and comments) https://gist.github.com/chrisveness/770ee96945ec12ac84f134bf538d89fb - z
zsmooth
11/20/2022, 8:09 PMBased on your use case you might want that js bcrypt after all… but you’ll probably need to use unbound - j
James
11/20/2022, 8:10 PMYeah you can definitely use bcrypt or argon2 with Workers, but you'll need more CPU time via unbound - s
salutalice
11/20/2022, 8:11 PMcan I somehow calculate the costs beforehand ? - j
James
11/20/2022, 8:12 PMhttps://pricing.ceru.dev/ will be your best bet - j
James
11/20/2022, 8:12 PMYou get a healthy amount for free in the base paid plan - more than enough to test and get an idea for how long it'll take, and you can then estimate costs - s
salutalice
11/20/2022, 8:17 PMI'm so confused of 'how long does the worker run' - s
salutalice
11/20/2022, 8:17 PMwhere can I test this ? - s
salutalice
11/20/2022, 8:17 PMI will be way way way below 100 000 requests per months - s
salutalice
11/20/2022, 8:17 PMI may be even not hitting 1000 - j
James
11/20/2022, 8:19 PMI believe wrangler will tell you the response time for a request, which should give you some idea. You can also check the worker stats in the dash too