What is an alternative for bcrypt to use with node?

node.js cryptography bcrypt password-hash

30,963

Solution 1

Check out https://npmjs.org/package/bcryptjs, it's fully compatible with bcrypt just without the dependencies.

Or https://npmjs.org/package/simplecrypt if you don't want the crypto boilerplate and just need to encrypt and decrypt strings.

Solution 2

As of 24th April 2020 There is a nice built in way of hashing passwords using scrypt in the crypto module

// Using the built in crypto module

const { scryptSync, randomBytes } = require("crypto");


// Any random string here (ideally should be atleast 16 bytes)

const salt = randomBytes(16).toString("hex")


// Pass the password string and get hashed password back
// ( and store only the hashed string in your database)

const getHash = (password) => scryptSync(password, salt, 32).toString("hex");

Solution 3

Here is an improved version of @malik-bagwala with JsDocs, types and a match password function.

import { randomBytes, scryptSync } from 'crypto';

// Pass the password string and get hashed password back
// ( and store only the hashed string in your database)
const encryptPassowrd = (password: string, salt: string) => {
  return scryptSync(password, salt, 32).toString('hex');
};

/**
 * Hash password with random salt
 * @return {string} password hash followed by salt
 *  XXXX till 64 XXXX till 32
 *
 */
export const hashPassword = (password: string): string => {
  // Any random string here (ideally should be atleast 16 bytes)
  const salt = randomBytes(16).toString('hex');
  return encryptPassowrd(password, salt) + salt;
};

// fetch the user from your db and then use this function

/**
 * Match password against the stored hash
 */
export const matchPassword = (passowrd: string, hash: string): Boolean => {
  // extract salt from the hashed string
  // our hex password length is 32*2 = 64
  const salt = hash.slice(64);
  const originalPassHash = hash.slice(0, 64);
  const currentPassHash = encryptPassowrd(passowrd, salt);
  return originalPassHash === currentPassHash;
};

Solution 4

You should really use the built-in crypto module for your encryption needs. It's basically a binding to OpenSSL, a fast, stable, secure, and well-vetted crypto library. Trying to implement your own crypto (or use someone else's unvalidated attempt at implementing crypto) is a recipe for disaster.

If you're looking to encrypt data, all you have to do is call crypto.createCipher, which returns a readable/writable Stream. Write data into the stream and it will emit data events with the encrypted data.

For example:

var stream = crypto.createCipher('aes192', 'mysecretpassword');
stream.on('data', function(enc) {
    // enc is a `Buffer` with a chunk of encrypted data
});

stream.write('some secret data');
stream.end();

Solution 5

If someone faces similar issue, you can try bcyrptjs which is optimized bcrypt written in JavaScript with zero dependencies and is also compatible to the C++ bcrypt.

View more solutions

30,963

Author by

Kory

Updated on January 08, 2022

Comments

Kory over 2 years

I have tried for days to get bcrypt installed on my windows machine with no luck. One of the dependencies (Windows 7 SDK) does not want to be installed even though I have tried numerous suggestions from around the net it just refuses to cooperate.

I need a good alternative to bcrypt which does not have any dependencies.