Posting this here because it's a "nice to have", but is not on my priority list at the moment.
A "compiled bcrypt" plugin would be very simple to do.
Right now we use bcryptjs to hash our passwords. But what if somebody didn't want to use bcrypt? We could add a new hook filter:password.hash that passes in the plaintext password, and the plugins do their work.
My rationale is for RPis, because bcrypt runs amazingly slow on ARM processors. The "solution" is to switch to compiled bcrypt (instead of js bcrypt), or lower the # of rounds (NodeBB defaults to 12). The lower the rounds, the easier the password can be cracked. No good. Having a plugin use bcrypt instead of bcryptjs would allow NodeBB to maintain the same # of bcrypt rounds, since it is a plugin that is using the compiled bcrypt lib, not core.
... oh, and there's a side benefit -- if people migrating from an md5-based password storage forum want to keep their passwords, then theoretically, they could use a nodebb-plugin-md5-password and store passwords in md5 instead. But...
THIS IS A BAD IDEA BECAUSE MD5 IS NOT SECURE
Edit: Oh hi @a_5mith, I figured you'd show up immediately after posting
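
Added example, not part of the original post and not NodeBB code: a stand-alone sketch of how a filter:password.hash hook could swap the hasher while imported md5 hashes are only verified and then re-hashed at login, so md5 is never stored for new or returning users. The `hooks` registry, `schemes` table, `login` function and the `scheme$...` storage format are hypothetical, and Node's built-in scrypt stands in for bcrypt/bcryptjs so the block runs without extra packages.

```javascript
const crypto = require('crypto');

// Constant-time comparison of two hex digests; malformed input compares false.
function sameHex(a, b) {
  const x = Buffer.from(a, 'hex'), y = Buffer.from(String(b), 'hex');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Each scheme tags its output so verification can tell stored hashes apart.
const schemes = {
  // Stand-in for core's default hasher (assumption: scrypt instead of bcryptjs).
  scrypt: {
    hash(pw, salt = crypto.randomBytes(16).toString('hex')) {
      return `scrypt$${salt}$${crypto.scryptSync(pw, salt, 32).toString('hex')}`;
    },
    verify(pw, stored) {
      const [, salt, key] = stored.split('$');
      return sameHex(this.hash(pw, salt).split('$')[2], key);
    },
  },
  // Verify-only: accepts imported md5 records, never produces new ones.
  md5: {
    verify(pw, stored) {
      const digest = crypto.createHash('md5').update(pw).digest('hex');
      return sameHex(digest, stored.split('$')[1]);
    },
  },
};

const hooks = {}; // hypothetical registry: hook name -> plugin handler

// Core asks the plugin first and falls back to its own default hasher.
function hashPassword(pw) {
  const plugin = hooks['filter:password.hash'];
  return plugin ? plugin(pw) : schemes.scrypt.hash(pw);
}

// Returns { ok, upgraded }. `upgraded` is a fresh strong hash to store in
// place of the legacy record when the login matched a verify-only scheme.
function login(pw, stored) {
  const scheme = schemes[String(stored).split('$')[0]];
  if (!scheme || !scheme.verify(pw, stored)) return { ok: false, upgraded: null };
  return { ok: true, upgraded: scheme.hash ? null : hashPassword(pw) };
}
```

A plugin that writes its own hash format also needs a matching entry for verification, which is why the stored value carries a scheme prefix.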