Node.js hashing of passwords

node.js security cryptography passwords password-hash
alditis picture alditis · Dec 24, 2012 · Viewed 58.5k times · Source

I am currently using the following for hashing passwords:

var pass_shasum = crypto.createHash('sha256').update(req.body.password).digest('hex');

Could you please suggest improvements to make the project safer?

Answer

balazs picture balazs · Dec 24, 2012

I use the follwing code to salt and hash passwords.

var bcrypt = require('bcrypt');

exports.cryptPassword = function(password, callback) {
   bcrypt.genSalt(10, function(err, salt) {
    if (err) 
      return callback(err);

    bcrypt.hash(password, salt, function(err, hash) {
      return callback(err, hash);
    });
  });
};

exports.comparePassword = function(plainPass, hashword, callback) {
   bcrypt.compare(plainPass, hashword, function(err, isPasswordMatch) {   
       return err == null ?
           callback(null, isPasswordMatch) :
           callback(err);
   });
};

Related questions

JWT (JSON Web Token) automatic prolongation of expiration

I would like to implement JWT-based authentication to our new REST API. But since the expiration is set in the token, is it possible to automatically prolong it? I don't want users to need to sign in after every X …

Read More
Best practices when running Node.js with port 80 (Ubuntu / Linode)

I am setting up my first Node.js server on a cloud Linux node and I am fairly new to the details of Linux admin. (BTW I am not trying to use Apache at the same time.) Everything is installed …

Read More
Node.js https pem error: routines:PEM_read_bio:no start line

I am messing with login form right now with node.js, I tried creating a pem key and csr using openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem However I been getting errors for running node …

Read More