@agarcian/passwordhash

Salted password hashing with PBKDF2. (Adapted from http://crackstation.net/hashing-security.htm)

Stats

stars 🌟issues ⚠️updated 🛠created 🐣size 🏋️‍♀️
00Jun 13, 2016Nov 11, 2015Minified + gzip package size for @agarcian/passwordhash in KB

Readme

Password Hash

A node.js module to hash passwords based on this article: https://crackstation.net/hashing-security.htm

This produces a password in the following format:

<hashing algorithm>:<number of iterations>:<hashed password>:<unique seed>

For example, the following is a hash for the password Florence123:

sha1:20000:p5GwEABDCx/HwW9p2gMXoyUAMXkWNPU4:dRUwYNvT0iapWk3l+OaiFPzb6z/ii20r

##Benefits

The article describes the algorithm to produce a secure hash for a password. Some of the main benefits is that each entry contains its own secure seed, so every record in the database should have a different seed for every password.

Installation

npm install @agarcian/passwordhash

Usage

var passwordhash = require('@agarcian/passwordhash');

var pwd  = 'my password';
var hash = passwordhash.createHash(pwd, function(err, hash) {
    passwordhash.validatePassword(pwd, hash, function(err, success) {
        console.log('The password hash was validated successfully:' + success ? 'yes' : 'no');
    });
});

Output should be yes

Tests

npm test

If you find any bugs or have a feature request, please open an issue on github!

The npm package download data comes from npm's download counts api and package details come from npms.io.