npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

twin-bcrypt

v2.1.1

Published

asm.js JavaScript BCrypt implementation for NodeJS and the browser.

Downloads

7,594

Readme

twin-bcrypt

Build Status Dependency Status

Fast asm.js implementation of the BCrypt algorithm for Node and the browser without dependencies. See the demo here. Also used in the real world in this great .htpasswd file generator in parallel with web workers.

Basic usage:

Synchronous (blocking)

var hash = TwinBcrypt.hashSync("bacon");

TwinBcrypt.compareSync("bacon", hash); // true
TwinBcrypt.compareSync("veggies", hash); // false

Asynchronous (non-blocking)

Asynchronous mode is preferred. Besides not blocking the javascript engine, it gives the opportunity to display progression information, and even to abort computations.

With a default-generated salt.

TwinBcrypt.hash("bacon", function(hash) {
  // Store hash in your password DB.
});

With progression info and optional operation abort.

TwinBcrypt.hash("bacon",
  function(p) {
    progressBar.value = p;
    if (tooLong) return false;
  },
  function(hash) {
    // Store hash in your password DB.
  }
);

Check a given password against a given hash

// Load hash from your password DB.
TwinBcrypt.compare("bacon", hash, function(result) {
    // result === true
});
TwinBcrypt.compare("veggies", hash, function(result) {
    // result === false
});

In the above examples, the salt is automatically generated and attached to the hash. Though you can use your custom salt and there is no need for salts to be persisted as it will always be included in the final hash result and can be retrieved.

API

  • genSalt(cost)
    • cost - [OPTIONAL] - Integer between 4 and 31 inclusive. Default 10. This value is logarithmic, the actual number of iterations used will be 2cost : increasing the cost by 1 will double the amount of time taken.
  • hashSync(data, salt)
    • data - [REQUIRED] - the data to be encrypted.
    • salt - [OPTIONAL] - the salt to be used in encryption. If specified as a number then a salt will be generated and used.
  • hash(data, salt, progress, callback)
    • data - [REQUIRED] - the data to be encrypted.
    • salt - [OPTIONAL] - the salt to be used to hash the password. If specified as a number then a salt will be generated and used.
    • progress - [OPTIONAL] - a callback to be invoked during the hash calculation to signify progress. This callback can return false to stop the process.
      • p - Value between 0 (exclusive) and 1 (inclusive), sent as a parameter to the progress callback.
    • callback - [REQUIRED] - a callback to be fired once the data has been encrypted (and if the process has not been stopped).
      • result - Hashed data received as an argument.
  • compareSync(password, refhash)
    • password - [REQUIRED] - password to check.
    • refhash - [REQUIRED] - reference hash to check the password against. Returns true if the password matches, false if it doesn't. Throws an error if arguments are invalid.
  • compare(password, refhash, progress, callback)
    • password - [REQUIRED] - password to check.
    • refhash - [REQUIRED] - reference hash to check the password against.
    • progress - [OPTIONAL] - a callback to be called during the hash verification to signify progress
      • p - Value between 0 (exclusive) and 1 (inclusive), sent as a parameter to the progress callback. This callback can return false to stop the process.
    • callback - [REQUIRED] - a callback to be fired once the data has been compared.
      • result - Boolean received as an argument to the callback, indicating whether the data and encrypted forms match (and if the process has not been stopped).
  • encodingMode
    • ENCODING_UTF8 (default) - encodes non-ascii characters to utf-8 before hashing.
    • ENCODING_RAW - does not encode non-ascii characters in the password. This allows the use of custom encodings.

Character encoding

In order to provide support for unicode strings, passwords with non-ascii characters are utf-8 encoded by default before being hashed. If a different encoding is desired, the password should be encoded before handing it to TwinBcrypt, and the following option should be used :

TwinBcrypt.encodingMode = TwinBcrypt.ENCODING_RAW;

Command-line

With a global installation:

twin-bcrypt <cost> <password-to-hash>

With a local installation:

node_modules/.bin/twin-bcrypt <cost> <password-to-hash>

About prefixes

Back in the old days when all bcrypt-hashed passwords had the $2a$ prefix, a bug was discovered in the crypt_blowfish implementation of this algorithm. A small fraction of the $2a$ passwords were buggy, but most of them were just fine. It was then decided to create two new prefixes to distinguish between them :

  • 2a - unknown correctness (may be correct, may be buggy)
  • 2x - sign extension bug
  • 2y - definitely correct

Twin-bcrypt uses the $2y$ prefix by default, and can check correct $2a$ passwords. However it does not emulate the sign extension bug of old crypt_blowfish implementations, and thus doesn't recognize the legacy $2x$ prefix.

About asm.js

asm.js is an extraordinarily optimizable, low-level subset of JavaScript designed by Mozilla. As a subset of JavaScript it runs in any browser, but until now only Firefox shows really outstanding performance. The V8 engine (used in Chrome and Node.js) runs asm.js sometimes even slower than regular js.
Twin-Bcrypt embeds two functionally identical bcrypt encoders : one is written in asm.js, the other one uses regular JavaScript. The asm.js encoder is currently used only in the Firefox browser. This may evolve over time with JavaScript engines to always bring the best performance.

Credits

This project is a fork of bcrypt-nodejs, which is based on javascript-bcrypt, which is itself a javascript port of damien miller's jBCrypt.