12

What's the best way to implement password hashing and verification in node.js using only the built-in crypto module. Basically what is needed:

function passwordHash(password) {} // => passwordHash
function passwordVerify(password, passwordHash) {} // => boolean

People usually are using bcrypt or other third-party libs for this purpose. I wonder isn't built-in crypto module huge enough already to cover at least all basic needs?

There's scrypt(), which appears to be the right guy for this purpose, but there's no verified counterpart and nobody seems to care.

Improve this question

4 Answers 4

Reset to default
29 
import { scrypt, randomBytes, timingSafeEqual } from "crypto";
import { promisify } from "util";

// scrypt is callback based so with promisify we can await it
const scryptAsync = promisify(scrypt);

Hashing process has two methods. First method, you hash the password, second method, you need to compare the new sign-in password with the stored password. I use typescript to write everything in detail

export class Password {

  static async hashPassword(password: string) {
    const salt = randomBytes(16).toString("hex");
    const buf = (await scryptAsync(password, salt, 64)) as Buffer;
    return `${buf.toString("hex")}.${salt}`;
  }

  static async comparePassword(
    storedPassword: string,
    suppliedPassword: string
  ): Promise<boolean> {
    // split() returns array
    const [hashedPassword, salt] = storedPassword.split(".");
    // we need to pass buffer values to timingSafeEqual
    const hashedPasswordBuf = Buffer.from(hashedPassword, "hex");
    // we hash the new sign-in password
    const suppliedPasswordBuf = (await scryptAsync(suppliedPassword, salt, 64)) as Buffer;
    // compare the new supplied password with the stored hashed password
    return timingSafeEqual(hashedPasswordBuf, suppliedPasswordBuf);
  }
}

Test it:

Password.hashPassword("123dafdas")
  .then((res) => Password.comparePassword(res, "123edafdas"))
  .then((res) => console.log(res));
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

You may want to use crypto.timingSafeEqual to compare
Shouldn't that be randomBytes(16), not 8? Even the official Node docs themselves recommend a 16 byte (minimum) salt.
You can now use scryptSync() instead of awaiting the scryptAsync()
5

It is quite an interesting thread, and different solutions are provided. After my findings, I propose a solution based on the Easy profiling for Node.js Applications

See the sample code below.

// add new user
app.get('/newUser', (req, res) => {
  let username = req.query.username || '';
  const password = req.query.password || '';

  username = username.replace(/[!@#$%^&*]/g, '');

  if (!username || !password || users[username]) {
    return res.sendStatus(400);
  }

  const salt = crypto.randomBytes(128).toString('base64');
  const hash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');

  users[username] = { salt, hash };

  res.sendStatus(200);
});

validating user authentication attempts

// validating user authentication attempts
app.get('/auth', (req, res) => {
  let username = req.query.username || '';
  const password = req.query.password || '';

  username = username.replace(/[!@#$%^&*]/g, '');

  if (!username || !password || !users[username]) {
    return res.sendStatus(400);
  }

  const { salt, hash } = users[username];
  const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');

  if (crypto.timingSafeEqual(hash, encryptHash)) {
    res.sendStatus(200);
  } else {
    res.sendStatus(401);
  }
});

Please note that these are NOT recommended handlers for authenticating users in your Node.js applications and are used purely for illustration purposes. You should not be trying to design your own cryptographic authentication mechanisms in general. It is much better to use existing, proven authentication solutions.

Improve this answer

Comments

0

how to compare password using the "crypto" package(https://www.npmjs.com/package/crypto-js)

The thing is, i have a REACT app that use node as a backend to authenticate. so in the node part, i use bcrypt to compare password . Now the challange now is to use crypto to compare password. does someone can help? here is attached my script that use bcrypt package to compare password enter image description here

Improve this answer

1 Comment

This does not provide an answer to the question. Once you have sufficient reputation you will be able to comment on any post; instead, provide answers that don't require clarification from the asker. - From Review
-1 
const password = "my_password"; 

// Creating a unique salt for a particular user
const salt = crypto.randomBytes(16).toString('hex'); 
  
// Hash the salt and password with 1000 iterations, 64 length and sha512 digest 
const hash = crypto.pbkdf2Sync(password, salt, 1000, 64, 'sha512').toString('hex');

Store both salt and hash for the user in DB.

const re_entered_password = "my_password";

// To verify the same - salt (stored in DB) with same other parameters used while creating hash (1000 iterations, 64 length and sha512 digest)
const newHash = crypto.pbkdf2Sync(re_entered_password, salt, 1000, 64, 'sha512').toString('hex');

// check if hash (stored in DB) and newly generated hash (newHash) are the same
hash === newHash;
Improve this answer

4 Comments

Thanks for the contribution. I see two drawbacks here (not an expert, though). 1) Requirement to store salt while I believe it's already stored somehow in hash 2) Verify function shouldn't have the same computational complexity as the hashing function.
1) IMHO we can't extract salt directly from hash. We can store both salt and hash in one field (salt+hash) like other crypt libraries do. 2) I am not exactly sure on the shortcut methods to verify the same. To the best of my knowledge, we should recreate hash with same computational complexity to verify if it's same as the hash present in DB. Hope this answer clear the air for you.
Hey @disfated, did you manage to get any simple solutions? I am little curious to know. Could you please help posting the answer if any. Thanks.
PBKDF is really quite old, and the recommendation is to use 600,000 iterations if you still use it (which you may need to do because of FIPS) You might as well install argon2 these days. (and, I'm sure, in a few years, something even newer.)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.