pkyeck/retrieving.js

## retrieving.js
var crypto = require("crypto");

// user submitted form with email + pwd
var pwd = req.params.pwd;

// fetch result from DB ...

// retrieve hash from DB and compare to pwd
var result = <RESULT>;

var meta = fromStore.split(":");
var salt = new Buffer(meta[1], "base64");
var hash = meta[0];

// encrypt+salt password
var encrypted = crypto.pbkdf2(pwd, salt, 10000, 64, function(err, key) {
  if (err) {
    return reject(err);
  }
  key.toString("base64"));
});

// check if passwords match
if (hash !== encrypted) {
  throw new Error("credentials unknown");
}

// user is logged in ...

## storing.js
var crypto = require("crypto");

var pwd = "topsecret";

// create random salt
var salt = crypto.randomBytes(64);

// encrypt+salt password
var encrypted = crypto.pbkdf2(pwd, salt, 10000, 64, function(err, key) {
  if (err) {
    return reject(err);
  }
  key.toString("base64"));
});

// combine hash + salt
var toBeStored = encrypted + ":" + salt.toString("base64");

// store in DB in one column ...
	var crypto = require("crypto");

	// user submitted form with email + pwd
	var pwd = req.params.pwd;

	// fetch result from DB ...

	// retrieve hash from DB and compare to pwd
	var result = <RESULT>;

	var meta = fromStore.split(":");
	var salt = new Buffer(meta[1], "base64");
	var hash = meta[0];

	// encrypt+salt password
	var encrypted = crypto.pbkdf2(pwd, salt, 10000, 64, function(err, key) {
	if (err) {
	return reject(err);
	}
	key.toString("base64"));
	});

	// check if passwords match
	if (hash !== encrypted) {
	throw new Error("credentials unknown");
	}

	// user is logged in ...
	var crypto = require("crypto");

	var pwd = "topsecret";

	// create random salt
	var salt = crypto.randomBytes(64);

	// encrypt+salt password
	var encrypted = crypto.pbkdf2(pwd, salt, 10000, 64, function(err, key) {
	if (err) {
	return reject(err);
	}
	key.toString("base64"));
	});

	// combine hash + salt
	var toBeStored = encrypted + ":" + salt.toString("base64");

	// store in DB in one column ...