Create, check and update password hashes.
It has been heavily inspired by the new PHP password hashing API but, following the node.js philosophy, hashing is done asynchronously.
The other ones I found were too complicated and/or were missing important features.
The main missing feature is the
needRehash() function: cryptography
is a fast-moving science and algorithms can quickly become obsolete or
their parameters needs to be adjusted to compensate the performance
increase of recent computers (e.g. bcrypt cost
This is exactly what this function is for: checking whether a hash uses the correct algorithm (and options) to see if we need to compute a new hash for this password.
Installation of the npm package:
> npm install --save hashy
Hashy requires promises support, for Node versions prior to 0.12 see this page to enable them.
hashyhashpasswordif errorreturn console.logerrorconsole.log'generated hash: ' hash
hash() handles additionaly two parameters which may be passed before the callback:
algo: which algorithm to use, it defaults to
options: additional options for the current algorithm, for bcrypt it defaults to
hashyverifypassword hashif errorreturn console.errorerrif successconsole.log'you are now authenticated!'elseconsole.warn'invalid password!'
var info = hashygetInfohash
As I said earlier, we must be able to check whether the hash is up to date, i.e. if it has been generated by the last algorithm available with the last set of options.
if hashyneedsRehashhash// Rehash.
It handles the optional
options parameters like
The default options for a given algorithm is available at
// Sets the default cost for bcrypt to 12.hashyoptionsbcryptcost = 12
Same interface as above but without the callbacks!
// Hashing.hashyhashpasswordthenconsole.log'generated hash:' hash// Checking.hashyverifypassword hashthenif successconsole.log'you are now authenticated!'elseconsole.warn'invalid password!'
As you can see, you don't even have to handle errors if you don't want to!
Note: only available since node.js 0.12.
Same interface as promises but much more similar to a synchronous code!
// Hashing.Bluebirdcoroutinevar hash = yield hashyhashpasswordconsole.log'generated hash:' hash// Checking.Bluebirdcoroutineif yield hashyverifypassword hashconsole.log'you are now authenticated!'elseconsole.warn'invalid password!'
Contributions are very welcome, either on the documentation or on the code.
Hashy is released under the MIT license.