pwd-shaker
v1.0.0
Published
password hashing with salt, pepper
Downloads
7
Readme
pwd-shaker
is a node.js library simpifying some routine tasks related to one-way password encryption (hash computing).
It is totally based on the standard crypto module and use no external dependencies.
As the basic feature here is to apply so called salt and pepper, it's named after the related condiment dispensers.
The library features two classes:
- PasswordShaker implementing basic functionality;
- PasswordShakerFile, the derived class with
pepper
kept in a file instead of RAM.
Installation
npm install pwd-shaker
Usage
const {PasswordShakerFile} = require ('pwd-shaker')
const shaker = new PasswordShakerFile ({
path : '/etc/this_information_system/secret_pepper',
// order : ['pepper', 'salt', 'pwd'],
// algorithm : 'sha256',
// encoding : 'hex',
})
const {login, pwd} = //...available from input
const salt = shaker.sprinkle (32)
const hash = shaker.cook (pwd, salt)
// store login+hash+salt instead of login+pwd
//...then...
const {login, pwd} = //...available from input
const {hash, salt} = //...fetch by login
if (shaker.test (hash, pwd, salt)) {
// auth OK
}
else {
// kick out
}