π Cryptographically secure password hashing algorithm based on pbkdf2 key derivation function.
Coded with β€οΈ by Simone Primarosa.
DEPRECATED!!! USE @phc/pbkdf2 INSTEAD
npm install --save pbkdf2-cryptconst pbkdf2c = require('pbkdf2-crypt');
// Hash and verify with pbkdf2 and default configs
pbkdf2c.hash('We are all unicorns')
.then(hash) => {
console.log(hash);
//=> "mOyc16tOzjyRlVwE0UknfYLkWhboVaepNDSlpXGsgVIjmV3ATpMgbUkvtAQVuGWYX8499ta+qTSwMS5mShHrPEMR1w/JRa3TiOYRK6D7K7Q0JhFkp83suUKaO2qqXf7XXlbeEQjEHyxXOQejKBxhbl7vdlgQcUnsovCtEhOesD0=,B1izIvz3r4CKWswSeWh11ClEVrXxs/2jDD0LGSUMar/KQyBI6x4CfkcnsC4WHU29Meew8aQYyURwS8tjP7N+tMM1NhM1FDnWH0766noazbVd1rNG8IHoroD8v0jQcHYTRth2pviQaoJszKcLP43XT+c9DNYolDXzeKQAPZ3+mI0=,10000,128,sha512"
pbkdf2c.verify(hash, 'We are all unicorns')
.then(match) => {
console.log(match);
//=> true
});
});
// Hash and verify with pbkdf2 and custom configs
pbkdf2c.hash('We are all unicorns', {digest: 'sha1', iterations: 15000})
.then(hash) => {
console.log(hash);
//=> "suaEhih1LNHXbcWMc7lzdY7z0F3bVbVvuIGr7kAMCPNQ9vGsIhQWL//GIdZ4NNLs8n7rNkRFYHzEqBjl+GgzSQ==,T82zIg2ej8IOYBqqlGOtduKVFUUMras1eJ1U1khGTfeP1caP3jAozGQqS149Pynq9PlEGP0hhMOsywrKj97VUw==,7500,64,sha1"
pbkdf2c.verify(hash, 'We are all unicorns')
.then(match) => {
console.log(match);
//=> true
});
});- hash(password, [options]) β
Promise.<string> Computes the secure hash string of the given password.
- verify(hash, input) β
Promise.<boolean> Determines whether or not the user's input matches the secure hashed password.
Computes the secure hash string of the given password.
Kind: global function
Returns: Promise.<string> - The generated secure hash string.
Access: public
| Param | Type | Description |
|---|---|---|
| password | string |
The password to hash. |
| [options] | Object |
Configurations related to the hashing function. |
| [options.iterations] | number |
The number of iterations to compute the derived key. |
| [options.keylen] | number |
Length of the computed derived key. |
| [options.digest] | number |
A digest function from the crypto.getHashes() list of supported digest functions. |
Determines whether or not the user's input matches the secure hashed password.
Kind: global function
Returns: Promise.<boolean> - A boolean that is true if the hash computed
for the input matches.
Access: public
| Param | Type | Description |
|---|---|---|
| hash | string |
Secure hash string generated from this package. |
| input | string |
User's password input. |
Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE report it.
Please check the contributing guidelines for more details. Thanks!
- Simone Primarosa - Follow me on Github (
@simonepri) and on Twitter (π¦@simonepri)
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE file for details.