npm
Sign UpSign In

cfcrypt

1.0.0 • Public • Published

Cloudflare Workers crypt

A module built with javascript crypto api to hash passwords and generating salt without node modules.

How to install

npm install cfcrypt

General knowledge

Saving passwords in the database in their raw format make them vulnerable to hack if someone had access to the database so the best alternative is to hash the password and save the hash in the database and when user signs in you take his password hash it and compare it to the saved hash. But there is a catch , what if someone accessed your database and tried random passwords and then hashed them this will make you vulnerable to what is called rainbow tables attack so the best practice is to combine every password with a random bytes which are called salt and save them with the password so when a user enters the password you get the salt from the database and hash it with the password and then compare the result with the hashed password you saved. This package makes everything easier for you and the best part is it works on cloudflare workers or any other runtime that uses the native javascript crypto api.

How to use

When you install this package you get access to :

  • createSalt
  • hashPassword
  • vaildatePassword

You can import them like this :

import {createSalt , hashPassword , vaildatePassword } from "cfcrypt"

Generating a salt

let salt = createSalt()

Will return a random base64 string that can be used as a salt and should be saved in the database with the user credentials

Hashing passwords

let hashedPassword = hashPassword({salt: generatedSalt, password: passwordString})

Will return a base64 string encoding the hashed password bytes.

Validating passwords

You can export the current file by clicking Export to disk in the menu. You can choose to export the file as plain Markdown, as HTML using a Handlebars template or as a PDF.

let isValid = vaildatePassword({salt: saltFromDB, password: passwordString, hashedPassword: hashedPasswordFromDB})

Will return a boolen indicating whether the password and salt are valid compared to the hashed string and according to it you will give access to the user

Best practices

You should create a new salt for every user and every password for example when a user changes his password you should generate a new salt and save it in the database along with the new password hash . You can securely save the hashed password along the salt in your database and you can be creative on how you save them you can combine them in one string and separate them with ( - ) like "salt-hashedPassword" and split them when validating the users credentials or you can save each one in a separate field {hashedPassword , salt} .

Readme

Keywords

Package Sidebar

Install

npm i cfcrypt

Weekly Downloads

1

Version

1.0.0

License

ISC

Unpacked Size

5.28 kB

Total Files

3

Last publish

Collaborators

  • ahmed_gameel
Try on RunKit
Report malware