UNPKG

unixpass

Version:

Native implementation of Unix compatible DES/MD5/SHA256/SHA512 password hashing.

github.com/rinne/node-unixpass

rinne/node-unixpass

58 lines (38 loc) 1.45 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
In A Nutshell ============= This is a native javascript implementation of Unix/Linux compatible password hashing. The currently implemented variants include legacy-DES (13 characters [./0-9A-Za-z]), extended-DES (underscore followed by 19 characters) MD5 ($1$), SHA256 ($5$), SHA512 ($6$), and BCrypt ($2a$). Usage ===== ``` const up = require('unixpass'); // Returns password hash using SHA256 up.crypt('mypassword', '$5$saltsaltmoresalt'); // Returns a password hash with autogenerated salt using SHA512 up.mkpass('mypassword'); // Returns true if password matches hash, false otherwise up.check('mypassword', '$1$saltsalt$dfhjlwheucnsdicbnwuibnwicb'); ``` Caution! ======== Be aware that legacy-DES only cares about first 8 characters of the password. While no new passwords should be encrypted using that, it may be useful in validating some old stuff. Also, it is an interesting piece of history that deserves to be reimplemented also in js. BCrypt ====== I don't like BCrypt and didn't even think that I'd ever implement it, but eventually did it anyways. The code does not implement any backward compatibilities for earlied bugs. Instead, it blindly accepts any currently known variant specifier, but performs the actual hashing identically. The maximum meaningful length of the UTF-8 encoded password in BCrypt is 72 bytes. Longer passwords are truncated. Author ====== Timo J. Rinne <tri@iki.fi> License ======= GPL-2.0