0.1.2-alpha.0 • Published 1 year ago

@expass/node v0.1.2-alpha.0

License
GPL-2.0

ExPass for node

Save your passwords securely with ExPass. ExPass is a library that allows you to encrypt and compare passwords in a simple and secure way.

This library hashes the password with the scrypt algorithm and then follows the official OWASP Password Storage Cheat Sheet recommendations to store it.

Note: This software is under revision and may have future changes.

Features

  • Use salt + pepper
  • Use scrypt algorithm (Against GPU/FPGA/ASIC attacks)
  • Add symmetric encryption (Against data breaches)
  • Use global secret (a.k.a. pepper) for extra security
  • Customizable values
  • Easy to use
  • Modern and secure
  • Use Promises

Installation

npm install @expass/node 

Usage

import { ExPass } from '@expass/node';

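// Example value only: in production, load the secret (pepper) from an
// environment variable or secret store, not from source code.
const SECRET = 'UDxv1fCm4SQ9yMGN1h7cXxhseQ5B3b1J5FhJ26m4';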

(async () => {
    const expass = new ExPass(SECRET);

    const encoded = await expass.encode('my_password');
    // $expass$v=1$fhuNdqUJe0hmYD7uGaAbmg$G2uVgUC0CnXoEy1lxs1BXuNd1sR9MDcP07b5.FxE1fGFMW7dDk_07eSEANZ.j5qX 

    const isValid = await expass.verify('my_password', encoded);
    // true

})();

Customize params

import { ExPass } from '@expass/node';

const SECRET = 'UDxv1fCm4SQ9yMGN1h7cXxhseQ5B3b1J5FhJ26m4';

(async () => {
    const expass = new ExPass(SECRET, {
        power: 20,
        saltLength: 32,
    });

    const encoded = await expass.encode('my_password');
})();

Options

The options are:

| Option | Type | Description | Default |
| --- | --- | --- | --- |
| power | number | The power of the scrypt algorithm | 14 |
| encodeHashLenght | number | The block size used to encode the password | 64 |
| saltLength | number | The length of the salt used in the scrypt algorithm | 16 |
| preHashAlgorithm | string | The algorithm used to pre-hash the password | 'sha256' |
| postHashAlgorithm | string | The algorithm used to post-hash the password | 'sha256' |
| hmacAlgorithm | string | The algorithm used to generate the HMAC | 'sha256' |
| keyDerivationPower | number | The power of the scrypt for symmetric key derivation | 10 |
| cipherAlgorithm | string | The algorithm used to encrypt the password | 'aes-256' |
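
To make the salt + pepper + scrypt combination from the feature list concrete, here is an added sketch built only on node:crypto; it is not ExPass's own code or output format, and it leaves out the pre/post-hash and symmetric encryption layers. It assumes that "power" is log2 of scrypt's cost N and that the 64-byte default maps to the derived hash length; the function names and the power$salt$hash record format are constructed for this example.

```javascript
// Added sketch using only node:crypto; not ExPass's code or output format.
const { createHmac, randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Values borrowed from the options table; the mapping is an assumption.
const DEFAULTS = { power: 14, saltLength: 16, hashLength: 64 };

function derive(password, secret, salt, power, hashLength) {
  // Pepper: HMAC with the global secret, so a dump of salts + hashes alone
  // is not enough for offline guessing.
  const peppered = createHmac('sha256', secret).update(password, 'utf8').digest();
  const N = 2 ** power; // assumption: "power" is log2 of scrypt's cost N
  // scrypt needs about 128*N*r bytes; raise maxmem above Node's 32 MiB
  // default so higher powers do not throw. (Sync API used for brevity.)
  return scryptSync(peppered, salt, hashLength, { N, r: 8, p: 1, maxmem: 256 * N * 8 });
}

function encode(password, secret, opts = {}) {
  const { power, saltLength, hashLength } = { ...DEFAULTS, ...opts };
  const salt = randomBytes(saltLength); // fresh random salt per password
  const hash = derive(password, secret, salt, power, hashLength);
  // Constructed record format for this sketch: power$salt$hash
  return [power, salt.toString('base64url'), hash.toString('base64url')].join('$');
}

function verify(password, secret, record) {
  const [power, saltB64 = '', hashB64 = ''] = String(record).split('$');
  const p = Number(power);
  const salt = Buffer.from(saltB64, 'base64url');
  const expected = Buffer.from(hashB64, 'base64url');
  // Reject malformed records and implausible costs before doing any work;
  // a missing or too-short expected hash must never be accepted.
  if (!Number.isInteger(p) || p < 1 || p > 20 || expected.length < 16) return false;
  // Re-derive with the cost stored in the record, so records written
  // before a cost increase still verify.
  const actual = derive(password, secret, salt, p, expected.length);
  return timingSafeEqual(actual, expected); // constant-time comparison
}

// True when the record's cost is below the current policy: re-encode it
// after the next successful login.
function needsRehash(record, opts = {}) {
  const current = { ...DEFAULTS, ...opts };
  return Number(String(record).split('$')[0]) < current.power;
}
```

Storing the cost in each record is what allows the power to be raised later without invalidating existing passwords.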

Contributing

If you want to contribute to this project, you can fork this repository and make a pull request. You can also open an issue if you find a bug or have a suggestion.