Node.js hashing of passwords

node.js security cryptography passwords password-hash

67,996

Solution 1

I use the follwing code to salt and hash passwords.

var bcrypt = require('bcrypt');

exports.cryptPassword = function(password, callback) {
   bcrypt.genSalt(10, function(err, salt) {
    if (err) 
      return callback(err);

    bcrypt.hash(password, salt, function(err, hash) {
      return callback(err, hash);
    });
  });
};

exports.comparePassword = function(plainPass, hashword, callback) {
   bcrypt.compare(plainPass, hashword, function(err, isPasswordMatch) {   
       return err == null ?
           callback(null, isPasswordMatch) :
           callback(err);
   });
};

Solution 2

bcrypt also can be called synchronously. Sample Coffeescript:

bcrypt = require('bcrypt')

encryptionUtil = 
    encryptPassword: (password, salt) ->
        salt ?= bcrypt.genSaltSync()
        encryptedPassword = bcrypt.hashSync(password, salt)
        {salt, encryptedPassword}

    comparePassword: (password, salt, encryptedPasswordToCompareTo) ->
        {encryptedPassword} = @encryptPassword(password, salt)
        encryptedPassword == encryptedPasswordToCompareTo

module.exports = encryptionUtil

Solution 3

bcrypt with typescript
npm i bcrypt
npm i -D @types/bcrypt

 import * as bcrypt from 'bcrypt';

export const Encrypt = {

    cryptPassword: (password: string) =>
        bcrypt.genSalt(10)
        .then((salt => bcrypt.hash(password, salt)))
        .then(hash => hash),
    
        comparePassword: (password: string, hashPassword: string) =>
            bcrypt.compare(password, hashPassword)
            .then(resp => resp)
    
    }

Exemple: Encrypt

const myEncryptPassword = await Encrypt.cryptPassword(password);

Exemple: Compare

const myBoolean = await Encrypt.comparePassword(password, passwordHash);

Solution 4

Also there is bcrypt-nodejs module for node. https://github.com/shaneGirish/bcrypt-nodejs.

Previously I used already mentioned here bcrypt module, but fall into problems on win7 x64. On the other hand bcrypt-nodejs is pure JS implementation of bcrypt and does not have any dependencies at all.

Solution 5

You can use the bcrypt-js package for encrypting the password.

Try npm i bcryptjs
var bcrypt = require('bcryptjs') in top.
To hash a password:

bcrypt.genSalt(10, function(err, salt) {
    bcrypt.hash("B4c0/\/", salt, function(err, hash) {
        // Store hash in your password DB.
    });
});

To check your password,

// Load hash from your password DB.
bcrypt.compare("B4c0/\/", hash, function(err, res) {
    // res === true
});

You can visit https://www.npmjs.com/package/bcryptjs for more information on bcryptjs.

View more solutions

67,996

Author by

alditis

PHP, JavaScript, Node.js, Expressjs, Socket.IO, MySQL, CSS, Inkscape, GIMP, Java, Stripe, Laravel, Vuejs, GraphQL and AWS.

Updated on July 09, 2022

Comments

alditis almost 2 years
I am currently using the following for hashing passwords:
```
var pass_shasum = crypto.createHash('sha256').update(req.body.password).digest('hex');
```
Could you please suggest improvements to make the project safer?
brielov over 10 years

Don't use else after return, it just dont make sense. Cheers!
Tadej about 7 years

Could you add a link to the bcrypt library which you are using (github if possible)? Thanks.
balazs about 7 years

@Tadej it was so long ago, but I suppose it's: npmjs.com/package/bcrypt
Tadej about 7 years

Thanks. I didn't even check the date. Sorry. :/
Stephan Ahlf over 6 years

Would be nice but this is not maintained anymore.
Gagan over 3 years

There are two modules bcrypt and bcryptjs for this purpose, If someone can tell more about these two that would be nice.