Skip to content

kevinburkeshyp/node-password-hash

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
bin
bin
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

Deprecated: Use bcrypt or scrypt

node-password-hashBuild Status

password-hash is a node.js library to simplify use of hashed passwords.

Storing passwords in plain-text is bad. This library makes the storing of passwords (and subsequent validation of) hashed passwords a bit easier.

password-hash provides functions for generating a hashed passwords and verifying a plain-text password against a hashed password. For a bit of added strength, a random salt is generated when the password is hashed. The hashed password contains both the cryptographic algorithm that was used as well the salt, so all that is needed to verify a plain-text password is the hashed password itself.

Installation

npm install password-hash

Usage

generate(password, [options])

Generates a hash of the required password argument. Hashing behavior can be modified with the optional options object:

  • algorithm - A valid cryptographic algorithm for use with the crypto.createHmac function, defaults to 'sha1'.
  • saltLength - The length of the salt that will be generated when the password is hashed, defaults to 8.
  • iterations - The number of times the hashing algorithm should be applied, defaults to 1.

Errors are thrown if:

  • password is not a string
  • options.algorithm is specified but not a valid cryptographic algorithm
  • options.saltLength is specified but not a positive integer

The hashed password will be in the format algorithm$salt$hash.

Example:

    var passwordHash = require('password-hash');

    var hashedPassword = passwordHash.generate('password123');

    console.log(hashedPassword); // sha1$3I7HRwy7$cbfdac6008f9cab4083784cbd1874f76618d2a97

verify(password, hashedPassword)

Compares a plain-text password (password) to a hashed password (hashedPassword) and returns a boolean. Both arguments are required.

Example:

    var passwordHash = require('./lib/password-hash');

    var hashedPassword = 'sha1$3I7HRwy7$cbfdac6008f9cab4083784cbd1874f76618d2a97';
    
    console.log(passwordHash.verify('password123', hashedPassword)); // true
    console.log(passwordHash.verify('Password0', hashedPassword)); // false

isHashed(password)

Check if a password (password) is hashed. Returns a boolean.

Example:

    var passwordHash = require('./lib/password-hash');

    var hashedPassword = 'sha1$3I7HRwy7$cbfdac6008f9cab4083784cbd1874f76618d2a97';
    
    console.log(passwordHash.isHashed('password123')); // false
    console.log(passwordHash.isHashed(hashedPassword)); // true

Salt Generation

node 0.5.8 introduced crypto.randomBytes, which generates cryptographically strong pseudo-random data. If the version of node supports crypto.randomBytes it is used to generate the salt, otherwise Math.random, which is not cryptographically strong, is used. This is handled transparently within the salt generation function and does not impact the module's API.

Inspired by

password-hash is inspired by the password hashing found in Werkzeug.

About

Password hashing and verification for node.js

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 99.3%
  • Makefile 0.7%