Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Node.js hashing of passwords

I am currently using the following for hashing passwords:

var pass_shasum = crypto.createHash('sha256').update(req.body.password).digest('hex'); 

Could you please suggest improvements to make the project safer?

like image 870
alditis Avatar asked Dec 23 '12 23:12

alditis


People also ask

How to secure passwords with password hashing in Node JS?

This is great for securing passwords because we can store the password in a form that is not usable if stolen, but we also need to be able to verify that the password is correct. For us to be able to use password hashing in Node.js, firstly we need to install a NPM package called bcrypt, with the npm i bcrypt command.

How do I set up a hashing algorithm in Node JS?

To set up a Node.js application, you’ll need a package.json file to document the dependencies. To create that, run the following on your terminal. Next, create an index.js file. This is the root of the application and where we’ll be writing all our hashing codes. This will create the index.js file. Add the following to your index.js file.

What are the crypto modules in NodeJS?

Nodejs provides crypto modules to perform the encryption and hashing of sensitive information such as passwords. The Bcrypt node modules provides easy way to create and compare hashes.

What is bcrypt NodeJS?

Nodejs provides crypto modules to perform the encryption and hashing of sensitive information such as passwords. The Bcrypt node modules provides easy way to create and compare hashes. Let’s learn how to use it.


1 Answers

I use the follwing code to salt and hash passwords.

var bcrypt = require('bcrypt');  exports.cryptPassword = function(password, callback) {    bcrypt.genSalt(10, function(err, salt) {     if (err)        return callback(err);      bcrypt.hash(password, salt, function(err, hash) {       return callback(err, hash);     });   }); };  exports.comparePassword = function(plainPass, hashword, callback) {    bcrypt.compare(plainPass, hashword, function(err, isPasswordMatch) {           return err == null ?            callback(null, isPasswordMatch) :            callback(err);    }); }; 
like image 59
balazs Avatar answered Sep 22 '22 22:09

balazs