UNPKG

pbkdf2-password-hash

Version:

hash password with pbkdf2

github.com/commenthol/pbkdf2-password-hash

commenthol/pbkdf2-password-hash

114 lines (76 loc) 3.47 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
# pbkdf2-password-hash > hash password with pbkdf2 [![NPM version](https://badge.fury.io/js/pbkdf2-password-hash.svg)](https://www.npmjs.com/package/pbkdf2-password-hash/) Generation and validation of passwords using PBKDF2 hashes. Safety is obtained by using safe digest, large number of iterations and large key-length for PBKDF2. Per default uses `sha512` with 512 bit key and 120,000 iterations. This is as recommended by [OWASP](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2). ## ToC <!-- !toc (minlevel=2 omit="ToC") --> * [Example](#example) * [API](#api) * [`hash(password, [salt], [opts])`](#hashpassword-salt-opts) * [`compare(password, passwordHash)`](#comparepassword-passwordhash) * [Migrating from v1](#migrating-from-v1) * [Installation](#installation) * [Tests](#tests) * [LICENSE](#license) <!-- toc! --> ## Example Generate new password hash ```js import passwordHash from 'pbkdf2-password-hash' // generates random salt passwordHash.hash('password') .then((hash) => { //> hash === 'sha512$120000$64$hBKkXNgl006VdFvQPyCawVYwdT78Uns1x0VnixvHHKfVzjS0Y0p58auWZ5AVV6MFGt/E1HaJ2MOqJSlKkaDspA==$zkq/ubSJoqflS23Ot5EkI6H+LE+D26p+6C0wtPHIr4HPVZPfXR/ZiflXAQ01b2uXCfHN8XUzOXWY9MqcvBYIog==' }) ``` Generate password hash with different options ```js passwordHash.hash('password', {iterations: 100, digest: 'sha1', keylen: 16, saltlen: 16}) .then((hash) => { //> hash === 'sha1$100$16$fwzPKhZjCQSZMz+hY7A29A==$KdGdduxkKd08FDUuUVDVRQ==' }) ``` Validate password hash ```js const hash = 'sha512$120000$64$hBKkXNgl006VdFvQPyCawVYwdT78Uns1x0VnixvHHKfVzjS0Y0p58auWZ5AVV6MFGt/E1HaJ2MOqJSlKkaDspA==$zkq/ubSJoqflS23Ot5EkI6H+LE+D26p+6C0wtPHIr4HPVZPfXR/ZiflXAQ01b2uXCfHN8XUzOXWY9MqcvBYIog==' passwordHash.compare('password', hash) .then((isValid) => { //> isValid === true }) ``` ## API ### `hash(password, [salt], [opts])` Generate a new password hash for password using PBKDF2. Safety is obtained by using safe digest, large number of iterations and large key-length for PBKDF2 **Parameters** | parameter | type | description | | -------------------------- | ------ | --------------------------------------------------- | | `password` | String | | | `[salt]` | String | _optional:_ salt | | `[opts.iterations=120000]` | Number | _optional:_ PBKDF2 number of iterations (~10 hashes/sec @ 2GHz) | | `[opts.digest=sha512]` | String | _optional:_ PBKDF2 digest | | `[opts.keylen=64]` | Number | _optional:_ PBKDF2 key length | | `[opts.saltlen=64]` | Number | _optional:_ salt length in case salt is not defined | **Returns** `Promise`, hashed password in `<digest>$<iterations>$<keylen>$<salt>$<hash>` notation ### `compare(password, passwordHash)` validate password against passwordHash **Parameters** | parameter | type | description | | -------------- | ------ | ------------------- | | `password` | String | plain-text password | | `passwordHash` | String | hashed password | **Returns** `Promise`, true if hash matches password ## Installation Requires [nodejs](http://nodejs.org/) >= v6.0.0 ```sh $ npm install --save pbkdf2-password-hash ``` ## Tests ```sh $ npm test ``` ## LICENSE UNLICENSE <https://unlicense.org>