Storing and verifying passwords securely
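var crypto = require("crypto");
// Key-stretching parameters. They MUST be identical to the ones used when the
// record was written, otherwise no stored password will ever verify.
var PBKDF2_ITERATIONS = 10000; // cost factor; raise over time as hardware gets faster
var PBKDF2_KEY_LENGTH = 64; // bytes of derived key
var PBKDF2_DIGEST = "sha512"; // explicit digest; recent Node versions require it
// user submitted form with email + pwd
// NOTE(review): a password belongs in the POST body (req.body), not in the URL
// path (req.params) — path segments end up in access logs and browser history.
var pwd = req.params.pwd;
// A missing or empty password can never match; reject it before doing any work.
if (typeof pwd !== "string" || pwd.length === 0) {
  throw new Error("credentials unknown");
}
// fetch result from DB ...
// retrieve hash from DB and compare to pwd
// <RESULT> is the "hash:salt" string stored for this user (both parts base64).
var fromStore = <RESULT>;
var meta = fromStore.split(":");
// A malformed record (wrong column, legacy format) must fail closed, not throw a TypeError.
if (meta.length !== 2) {
  throw new Error("credentials unknown");
}
var salt = Buffer.from(meta[1], "base64"); // Buffer.from replaces the deprecated new Buffer()
var hash = Buffer.from(meta[0], "base64");
// derive key from submitted password + stored salt
// pbkdf2 is asynchronous and returns undefined — the derived key only exists inside
// its callback. The synchronous variant keeps the flow linear; on a busy server
// prefer crypto.pbkdf2() and move the comparison below into its callback.
var encrypted = crypto.pbkdf2Sync(pwd, salt, PBKDF2_ITERATIONS, PBKDF2_KEY_LENGTH, PBKDF2_DIGEST);
// check if passwords match
// timingSafeEqual avoids leaking how many leading bytes matched; it throws when the
// lengths differ, so compare lengths first (a length mismatch is itself a mismatch).
if (hash.length !== encrypted.length || !crypto.timingSafeEqual(hash, encrypted)) {
  throw new Error("credentials unknown");
}
// user is logged in ...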
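var crypto = require("crypto");
// Key-stretching parameters. The verifying side must use exactly the same values.
var PBKDF2_ITERATIONS = 10000; // cost factor; raise over time as hardware gets faster
var PBKDF2_KEY_LENGTH = 64; // bytes of derived key
var PBKDF2_DIGEST = "sha512"; // explicit digest; recent Node versions require it
var SALT_LENGTH = 64; // bytes of random salt, one per password
var pwd = "topsecret";
// create random salt (CSPRNG; never Math.random)
var salt = crypto.randomBytes(SALT_LENGTH);
// derive key from password + salt
// pbkdf2 is asynchronous and returns undefined, so the original assignment always
// stored "undefined:<salt>". The synchronous variant yields the key directly and
// throws on error instead of calling a callback.
var encrypted = crypto.pbkdf2Sync(pwd, salt, PBKDF2_ITERATIONS, PBKDF2_KEY_LENGTH, PBKDF2_DIGEST);
// combine hash + salt, both base64 so the record round-trips through a text column
var toBeStored = `${encrypted.toString("base64")}:${salt.toString("base64")}`;
// store in DB in one column ...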