pbkdf2-password-hash
hash password with pbkdf2
Generation and validation of passwords using PBKDF2 hashes.
Safety is obtained by using safe digest, large number of iterations and large key-length for PBKDF2.
Per default uses sha512 with 512 bit key and 120,000 iterations.
This is as recommended by OWASP.
ToC
Example
Generate new password hash
import passwordHash from 'pbkdf2-password-hash'
// generates random salt
passwordHash.hash('password')
.then((hash) => {
//> hash === 'sha512$120000$64$hBKkXNgl006VdFvQPyCawVYwdT78Uns1x0VnixvHHKfVzjS0Y0p58auWZ5AVV6MFGt/E1HaJ2MOqJSlKkaDspA==$zkq/ubSJoqflS23Ot5EkI6H+LE+D26p+6C0wtPHIr4HPVZPfXR/ZiflXAQ01b2uXCfHN8XUzOXWY9MqcvBYIog=='
})Generate password hash with different options
passwordHash.hash('password', {iterations: 100, digest: 'sha1', keylen: 16, saltlen: 16})
.then((hash) => {
//> hash === 'sha1$100$16$fwzPKhZjCQSZMz+hY7A29A==$KdGdduxkKd08FDUuUVDVRQ=='
})Validate password hash
const hash = 'sha512$120000$64$hBKkXNgl006VdFvQPyCawVYwdT78Uns1x0VnixvHHKfVzjS0Y0p58auWZ5AVV6MFGt/E1HaJ2MOqJSlKkaDspA==$zkq/ubSJoqflS23Ot5EkI6H+LE+D26p+6C0wtPHIr4HPVZPfXR/ZiflXAQ01b2uXCfHN8XUzOXWY9MqcvBYIog=='
passwordHash.compare('password', hash)
.then((isValid) => {
//> isValid === true
})API
hash(password, [salt], [opts])
Generate a new password hash for password using PBKDF2. Safety is obtained by using safe digest, large number of iterations and large key-length for PBKDF2
Parameters
| parameter | type | description |
|---|---|---|
password |
String | |
[salt] |
String | optional: salt |
[opts.iterations=120000] |
Number | optional: PBKDF2 number of iterations (~10 hashes/sec @ 2GHz) |
[opts.digest=sha512] |
String | optional: PBKDF2 digest |
[opts.keylen=64] |
Number | optional: PBKDF2 key length |
[opts.saltlen=64] |
Number | optional: salt length in case salt is not defined |
Returns Promise, hashed password in <digest>$<iterations>$<keylen>$<salt>$<hash> notation
compare(password, passwordHash)
validate password against passwordHash
Parameters
| parameter | type | description |
|---|---|---|
password |
String | plain-text password |
passwordHash |
String | hashed password |
Returns Promise, true if hash matches password
Installation
Requires nodejs >= v6.0.0
$ npm install --save pbkdf2-password-hashTests
$ npm testLICENSE
UNLICENSE https://unlicense.org