Skip to content

kdcio/password

Repository files navigation

Password Hash and Salt Generator

This package will generate hash and salt given a password. It also has a function to validate a password input.

ver size build Known Vulnerabilities Quality Gate Status Code Smells Coverage license

Install

npm i @kdcio/password

Usage

On user registration

const { getHashSalt } = require('@kdcio/password');

const register = (password) => {
    ...
    const {hash, salt} = getHashSalt(password);
    ...
};

Store the hash and salt in your database.

On user login

const { isValidPassword } = require('@kdcio/password');

const login = (username, password) => {
    ...
    const {hash, salt} = getFromDatabase(username);
    if(isValidPassword(password, hash, salt)) {
        console.log("Password is correct");
    } else {
        console.log("Password is wrong");
    }
    ...
};

Configuration

Iterations, keylen and digest can be configured by defining environment variables.

  • PW_ITERATIONS
  • PW_KEYLEN
  • PW_DIGEST

See algorithms in NodeJs crypto docs for possible values for digest. More info on the link below.

Reference

https://nodejs.org/api/crypto.html#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback