What is an alternative for bcrypt to use with node?
Solution 1
Check out https://npmjs.org/package/bcryptjs, it's fully compatible with bcrypt just without the dependencies.
Or https://npmjs.org/package/simplecrypt if you don't want the crypto boilerplate and just need to encrypt and decrypt strings.
Solution 2
As of 24th April 2020 There is a nice built in way of hashing passwords using scrypt
in the crypto
module
// Using the built in crypto module
const { scryptSync, randomBytes } = require("crypto");
// Any random string here (ideally should be atleast 16 bytes)
const salt = randomBytes(16).toString("hex")
// Pass the password string and get hashed password back
// ( and store only the hashed string in your database)
const getHash = (password) => scryptSync(password, salt, 32).toString("hex");
Solution 3
Here is an improved version of @malik-bagwala with JsDocs, types and a match password function.
import { randomBytes, scryptSync } from 'crypto';
// Pass the password string and get hashed password back
// ( and store only the hashed string in your database)
const encryptPassowrd = (password: string, salt: string) => {
return scryptSync(password, salt, 32).toString('hex');
};
/**
* Hash password with random salt
* @return {string} password hash followed by salt
* XXXX till 64 XXXX till 32
*
*/
export const hashPassword = (password: string): string => {
// Any random string here (ideally should be atleast 16 bytes)
const salt = randomBytes(16).toString('hex');
return encryptPassowrd(password, salt) + salt;
};
// fetch the user from your db and then use this function
/**
* Match password against the stored hash
*/
export const matchPassword = (passowrd: string, hash: string): Boolean => {
// extract salt from the hashed string
// our hex password length is 32*2 = 64
const salt = hash.slice(64);
const originalPassHash = hash.slice(0, 64);
const currentPassHash = encryptPassowrd(passowrd, salt);
return originalPassHash === currentPassHash;
};
Solution 4
You should really use the built-in crypto module for your encryption needs. It's basically a binding to OpenSSL, a fast, stable, secure, and well-vetted crypto library. Trying to implement your own crypto (or use someone else's unvalidated attempt at implementing crypto) is a recipe for disaster.
If you're looking to encrypt data, all you have to do is call crypto.createCipher
, which returns a readable/writable Stream
. Write data into the stream and it will emit data events with the encrypted data.
For example:
var stream = crypto.createCipher('aes192', 'mysecretpassword');
stream.on('data', function(enc) {
// enc is a `Buffer` with a chunk of encrypted data
});
stream.write('some secret data');
stream.end();
Solution 5
If someone faces similar issue, you can try bcyrptjs which is optimized bcrypt written in JavaScript with zero dependencies and is also compatible to the C++ bcrypt.
Kory
Updated on January 08, 2022Comments
-
Kory over 2 years
I have tried for days to get bcrypt installed on my windows machine with no luck. One of the dependencies (Windows 7 SDK) does not want to be installed even though I have tried numerous suggestions from around the net it just refuses to cooperate.
I need a good alternative to bcrypt which does not have any dependencies.