cfcrypt
v1.0.0
cloudflare workers module for hashing and salting passwords
Cloudflare Workers crypt
A module built on the native JavaScript crypto API to hash passwords and generate salts, with no Node modules required.
How to install
npm install cfcrypt
General knowledge
Saving passwords in the database in their raw form leaves them exposed to anyone who gains access to the database. The better alternative is to hash the password and store only the hash; when a user signs in, you hash the password they entered and compare it to the stored hash.

But there is a catch: an attacker who obtains your database can hash large lists of candidate passwords in advance and simply look the stored hashes up, which is known as a rainbow table attack. The best practice is therefore to combine every password with random bytes, called a salt, and store the salt alongside the hash. When a user enters their password, you fetch the salt from the database, hash it together with the password, and compare the result with the stored hash.

This package makes all of this easier, and the best part is that it works on Cloudflare Workers or any other runtime that provides the native JavaScript crypto API.
How to use
When you install this package you get access to:
- createSalt
- hashPassword
- vaildatePassword
You can import them like this:
import {createSalt , hashPassword , vaildatePassword } from "cfcrypt"
Generating a salt
let salt = createSalt()
Returns a random base64 string that can be used as a salt; it should be saved in the database together with the user's credentials.
Hashing passwords
let hashedPassword = hashPassword({salt: generatedSalt, password: passwordString})
Will return a base64 string encoding the hashed password bytes.
Validating passwords
let isValid = vaildatePassword({salt: saltFromDB, password: passwordString, hashedPassword: hashedPasswordFromDB})
Returns a boolean indicating whether the supplied password and salt produce the stored hash; grant the user access only when it is true.
Best practices
You should create a new salt for every user and every password: for example, when a user changes their password, generate a new salt and save it in the database along with the new password hash. The hashed password can safely be stored next to its salt, and how you store them is up to you: combine them into one string separated by a ( - ), as in "salt-hashedPassword", and split it when validating the user's credentials, or keep each one in a separate field {hashedPassword, salt}.