https://github.com/do-/node-pwd-shaker

password hashing with salt, pepper
https://github.com/do-/node-pwd-shaker

hash nodejs password pepper salt

Last synced: 3 months ago
JSON representation

password hashing with salt, pepper

• Host: GitHub
• URL: https://github.com/do-/node-pwd-shaker
• Owner: do-
• License: other
• Created: 2024-07-25T07:41:43.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-07-27T16:50:34.000Z (over 1 year ago)
• Last Synced: 2025-03-13T05:28:37.963Z (about 1 year ago)
• Topics: hash, nodejs, password, pepper, salt
• Language: JavaScript
• Homepage:
• Size: 40 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
![workflow](https://github.com/do-/node-pwd-shaker/actions/workflows/main.yml/badge.svg)

![Jest coverage](./badges/coverage-jest%20coverage.svg)

`pwd-shaker` is a node.js library simpifying some routine tasks related to one-way password encryption (hash computing).

It is totally based on the standard [crypto](https://nodejs.org/api/crypto.html) module and use no external dependencies.

As the basic feature here is to apply so called [_salt_](https://en.wikipedia.org/wiki/Salt_(cryptography)) and [_pepper_](https://en.wikipedia.org/wiki/Pepper_(cryptography)), it's named after the related [condiment dispensers](https://en.wikipedia.org/wiki/Salt_and_pepper_shakers).

The library features two classes:

* [PasswordShaker](https://github.com/do-/node-pwd-shaker/wiki/PasswordShaker) implementing basic functionality;

* [PasswordShakerFile](https://github.com/do-/node-pwd-shaker/wiki/PasswordShakerFile), the derived class with `pepper` kept in a file instead of RAM.

# Installation

```sh

npm install pwd-shaker

```

# Usage

```js

const {PasswordShakerFile} = require ('pwd-shaker')

const shaker = new PasswordShakerFile ({

  path         : '/etc/this_information_system/secret_pepper',

  // order     : ['pepper', 'salt', 'pwd'],

  // algorithm : 'sha256',

  // encoding  : 'hex',

})

const {login, pwd} = //...available from input

const salt = shaker.sprinkle (32)

const hash = shaker.cook (pwd, salt)

// store login+hash+salt instead of login+pwd

//...then...

const {login, pwd} = //...available from input

const {hash, salt} = //...fetch by login

if (shaker.test (hash, pwd, salt)) {

  // auth OK

}

else {

  // kick out

}

```