happn-password-hash-and-salt

forked from https://github.com/florianheinemann/password-hash-and-salt.git version 1.1.4

This module provides straight-forward password hashing for node.js applications using default settings considered to be safe. SHA512 is used by default, also backward compatible with previous versions that used SHA1.

Usage

First, install the module:

$ npm install happn-password-hash-and-salt --save

Afterwards, usage is as simple as shown in the following example:

var password = require('password-hash-and-salt');
 
var myuser = [];
 
// Creating hash and salt
password('mysecret').hash(function(error, hash) {
    if(error)
        throw new Error('Something went wrong!');
 
    // Store hash (incl. algorithm, iterations, and salt)
    myuser.hash = hash;
 
    // Verifying a hash
    password('hack').verifyAgainst(myuser.hash, function(error, verified) {
        if(error)
            throw new Error('Something went wrong!');
        if(!verified) {
            console.log("Don't try! We got you!");
        } else {
            console.log("The secret is...");
        }
    });
})
 

Crypto

password-hash-and-salt uses node.js' internal crypto module. Hashes are generated with pbkdf2 using 10,000 iterations.

Created hash

The created hash is of 270 characters length and is of the following format: pbkdf2$10000$hash$salt$digest

This allows for future upgrades of the algorithm and/or increased number of iterations in future version. It also simplifies storage as no dedicated database field for the salt is required.

Credits and License

express-sslify is licensed under the MIT license. If you'd like to be informed about new projects follow @TheSumOfAll.

Copyright (c) 2013-2014 Florian Heinemann Modified by S. Bishop