Document bcrypt Vs bcryptjs

[JohnMcLear]

I tried to persuade a project to adopt bcryptjs over bcrypt see:
https://github.com/jedireza/drywall/wiki/bcrypt-Installation-Trouble

But the project is putting forward an argument this project "has the same functionality as node.bcrypt.js expect for a few tiny differences. Mainly, it(bcryptjs) doesn't let you set the seed length for creating the random byte array."

The project maintainer is claiming it might effect security. Can you document what this means for security and maybe put a wiki page so when others ask this question it's easy to reference?

Thanks!

[JohnMcLear]

See this SO thread: http://stackoverflow.com/questions/22801593/security-differences-with-bcrypt-node-js-modules

[dcodeIO]

Since bcrypt.js is naturally quite a lot slower than native bcrypt (JS is not the best at heavy computation tasks), you should use the native version instead if you need the best security that you can get. The seed length shouldn't be much of an issue compared to that, it's more about the log rounds that you can process.

[JohnMcLear]

This would make a lot of sense if drywall wasn't based on Node.. If your logic is purely based on performance then you'd port drywall to C..

Just my 2 pence :)

[dcodeIO]

Updated README