I am currently using the following for hashing passwords:
var pass_shasum = crypto.createHash('sha256').update(req.body.password).digest('hex');
Could you please suggest improvements to make the project safer?
This is great for securing passwords because we can store the password in a form that is not usable if stolen, but we also need to be able to verify that the password is correct. To use password hashing in Node.js, we first need to install an npm package called bcrypt with the `npm i bcrypt` command.
To set up a Node.js application, you'll need a package.json file to document the dependencies. To create that, run the following on your terminal. Next, create an index.js file. This is the root of the application and where we'll be writing all our hashing code. This will create the index.js file. Add the following to your index.js file.
Node.js provides the crypto module to perform encryption and hashing of sensitive information such as passwords. The bcrypt Node module provides an easy way to create and compare hashes. Let's learn how to use it.
I use the following code to salt and hash passwords.
    var bcrypt = require('bcrypt');

    exports.cryptPassword = function(password, callback) {
      bcrypt.genSalt(10, function(err, salt) {
        if (err) return callback(err);
        bcrypt.hash(password, salt, function(err, hash) {
          return callback(err, hash);
        });
      });
    };

    exports.comparePassword = function(plainPass, hashword, callback) {
      bcrypt.compare(plainPass, hashword, function(err, isPasswordMatch) {
        return err == null ? callback(null, isPasswordMatch) : callback(err);
      });
    };
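An added example, not part of the original posts: it puts the question's unsalted SHA-256 hash next to a salted, deliberately slow hash with constant-time verification. It uses scrypt from Node's built-in crypto module instead of bcrypt so it runs without installing a package; the cost parameters and the `scrypt$N$r$p$salt$hash` record format are assumptions made for this illustration.

```javascript
// Added example (not from the original posts); built-in crypto only.
const { createHash, randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// The question's approach: fast and unsalted, so the same password always
// produces the same digest and precomputed tables apply directly.
function sha256Hex(password) {
  return createHash('sha256').update(password).digest('hex');
}

// Assumed cost parameters for illustration; tune N for your hardware.
const SCRYPT = { N: 16384, r: 8, p: 1, keylen: 32 };

// Produces a self-describing record so parameters can be raised later
// without breaking hashes that are already stored.
function hashPassword(password) {
  const salt = randomBytes(16); // fresh random salt per password
  const { N, r, p, keylen } = SCRYPT;
  // The sync call keeps the example short; a server should use the async
  // crypto.scrypt so the event loop is not blocked while hashing.
  const key = scryptSync(password, salt, keylen, { N, r, p });
  return ['scrypt', N, r, p, salt.toString('hex'), key.toString('hex')].join('$');
}

// Recomputes the hash with the stored salt and parameters, then compares
// in constant time. Malformed records are rejected rather than thrown on.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'hex');
  const expected = Buffer.from(parts[5], 'hex');
  if (![N, r, p].every(Number.isInteger) || expected.length === 0) return false;
  let actual;
  try {
    actual = scryptSync(password, salt, expected.length, { N, r, p });
  } catch {
    return false; // invalid parameters in the stored record
  }
  return timingSafeEqual(actual, expected);
}
```
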