passport-local-authenticate
v1.2.0
Functions for hashing and verifying passwords in a passport-local strategy
Passport-Local-Authenticate
Encapsulates methods used to hash and verify user credentials for use in a passport-local strategy. This simplifies building username and password login with Passport.
Installation
$ npm install passport-local-authenticate --save
Usage
var auth = require('passport-local-authenticate');

// Hash a password; the result carries the hash and the generated salt
auth.hash('password', function(err, hashed) {
  console.log(hashed.hash); // Hashed password
  console.log(hashed.salt); // Salt
});

// Verify the same password against the stored hash and salt
auth.hash('password', function(err, hashed) {
  auth.verify('password', hashed, function(err, verified) {
    console.log(verified); // True, passwords match
  });
});

// Verify a different password against the stored hash and salt
auth.hash('password', function(err, hashed) {
  auth.verify('password2', hashed, function(err, verified) {
    console.log(verified); // False, passwords don't match
  });
});
Attention: options.digestAlgorithm is set to 'SHA1', which is not considered very safe but was chosen for backward compatibility. Future (major) versions will use a 'SHA-256' digest algorithm!
Options
Attention! Changing any of the hashing options (saltlen, iterations or keylen) in a production environment will prevent existing users from authenticating!
- saltlen: specifies the salt length in bytes. Default: 32
- iterations: specifies the number of iterations used in the pbkdf2 hashing algorithm. Default: 25000
- keylen: specifies the length in bytes of the generated key. Default: 512
- encoding: specifies the encoding the generated salt and hash will be stored in. Defaults to 'hex'.
- digestAlgorithm: digest algorithm to use in pbkdf2. Valid values can be retrieved using crypto.getHashes(). Popular choices are 'sha256' or 'sha512'. Attention: this only works in node.js versions greater than 0.10. And in case you're sitting on a 0.10 project, consider an upgrade. Really!
Hash Algorithm
Passport-Local-Authenticate uses the pbkdf2 algorithm of the node crypto library. Pbkdf2 was chosen because it is platform independent (in contrast to bcrypt). For every user a generated salt value is saved to make rainbow table attacks even harder.
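An added example, not the package's own code: the salted pbkdf2 hash-and-verify cycle described above, written directly against Node's crypto module with the default values listed under Options. The function names, the record's params field and the constant-time comparison are assumptions of this example; it shows why a record hashed under one set of options no longer verifies once an option changes.

```javascript
const crypto = require('crypto');

// Option defaults as listed on this page.
const DEFAULTS = Object.freeze({
  saltlen: 32, iterations: 25000, keylen: 512,
  encoding: 'hex', digestAlgorithm: 'sha1'
});

// Hash a password with a fresh random salt. The returned record also keeps
// the parameters used (an assumption of this example, not a package feature).
function hashPassword(password, options) {
  const params = Object.assign({}, DEFAULTS, options);
  const salt = crypto.randomBytes(params.saltlen);
  const key = crypto.pbkdf2Sync(password, salt, params.iterations,
                                params.keylen, params.digestAlgorithm);
  return {
    hash: key.toString(params.encoding),
    salt: salt.toString(params.encoding),
    params: params
  };
}

// Re-derive the key from the candidate password and the stored salt, then
// compare in constant time. `params` must equal the values used at hash time.
function verifyPassword(password, record, params) {
  const stored = Buffer.from(record.hash, params.encoding);
  const salt = Buffer.from(record.salt, params.encoding);
  const key = crypto.pbkdf2Sync(password, salt, params.iterations,
                                params.keylen, params.digestAlgorithm);
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return key.length === stored.length && crypto.timingSafeEqual(key, stored);
}

// A user registers under the defaults, then the deployment switches digest.
function demo() {
  const record = hashPassword('password'); // constructed sample credential
  const changed = Object.assign({}, DEFAULTS, { digestAlgorithm: 'sha256' });
  return {
    sameOptions: verifyPassword('password', record, DEFAULTS),
    wrongPassword: verifyPassword('password2', record, DEFAULTS),
    changedOptions: verifyPassword('password', record, changed),     // user locked out
    storedParams: verifyPassword('password', record, record.params)  // still verifies
  };
}

console.log(demo());
```

Keeping the parameters next to each stored hash lets old records verify under their original settings while new or re-hashed records move to a stronger digest.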
License
Passport-Local-Authenticate is licensed under the MIT license.