Node.js hashing of passwords
Solution 1
I use the follwing code to salt and hash passwords.
var bcrypt = require('bcrypt');
exports.cryptPassword = function(password, callback) {
bcrypt.genSalt(10, function(err, salt) {
if (err)
return callback(err);
bcrypt.hash(password, salt, function(err, hash) {
return callback(err, hash);
});
});
};
exports.comparePassword = function(plainPass, hashword, callback) {
bcrypt.compare(plainPass, hashword, function(err, isPasswordMatch) {
return err == null ?
callback(null, isPasswordMatch) :
callback(err);
});
};
Solution 2
bcrypt also can be called synchronously. Sample Coffeescript:
bcrypt = require('bcrypt')
encryptionUtil =
encryptPassword: (password, salt) ->
salt ?= bcrypt.genSaltSync()
encryptedPassword = bcrypt.hashSync(password, salt)
{salt, encryptedPassword}
comparePassword: (password, salt, encryptedPasswordToCompareTo) ->
{encryptedPassword} = @encryptPassword(password, salt)
encryptedPassword == encryptedPasswordToCompareTo
module.exports = encryptionUtil
Solution 3
bcrypt with typescript
npm i bcrypt npm i -D @types/bcrypt
import * as bcrypt from 'bcrypt';
export const Encrypt = {
cryptPassword: (password: string) =>
bcrypt.genSalt(10)
.then((salt => bcrypt.hash(password, salt)))
.then(hash => hash),
comparePassword: (password: string, hashPassword: string) =>
bcrypt.compare(password, hashPassword)
.then(resp => resp)
}
Exemple: Encrypt
const myEncryptPassword = await Encrypt.cryptPassword(password);
Exemple: Compare
const myBoolean = await Encrypt.comparePassword(password, passwordHash);
Solution 4
Also there is bcrypt-nodejs module for node. https://github.com/shaneGirish/bcrypt-nodejs.
Previously I used already mentioned here bcrypt module, but fall into problems on win7 x64. On the other hand bcrypt-nodejs is pure JS implementation of bcrypt and does not have any dependencies at all.
Solution 5
You can use the bcrypt-js package for encrypting the password.
- Try npm i bcryptjs
- var bcrypt = require('bcryptjs') in top.
- To hash a password:
bcrypt.genSalt(10, function(err, salt) {
bcrypt.hash("B4c0/\/", salt, function(err, hash) {
// Store hash in your password DB.
});
});
- To check your password,
// Load hash from your password DB.
bcrypt.compare("B4c0/\/", hash, function(err, res) {
// res === true
});
You can visit https://www.npmjs.com/package/bcryptjs for more information on bcryptjs.
alditis
PHP, JavaScript, Node.js, Expressjs, Socket.IO, MySQL, CSS, Inkscape, GIMP, Java, Stripe, Laravel, Vuejs, GraphQL and AWS.
Updated on July 09, 2022Comments
-
alditis almost 2 years
I am currently using the following for hashing passwords:
var pass_shasum = crypto.createHash('sha256').update(req.body.password).digest('hex');
Could you please suggest improvements to make the project safer?
-
brielov over 10 yearsDon't use else after return, it just dont make sense. Cheers!
-
Tadej about 7 yearsCould you add a link to the bcrypt library which you are using (github if possible)? Thanks.
-
balazs about 7 years@Tadej it was so long ago, but I suppose it's: npmjs.com/package/bcrypt
-
Tadej about 7 yearsThanks. I didn't even check the date. Sorry. :/
-
Stephan Ahlf over 6 yearsWould be nice but this is not maintained anymore.
-
Gagan over 3 years