3.1.1 • Published 7 months ago

pbkdf2-password-hash v3.1.1

Weekly downloads: 93
License: Unlicense
Repository: github
Last release: 7 months ago

pbkdf2-password-hash

hash password with pbkdf2

Generation and validation of passwords using PBKDF2 hashes.

Safety is obtained by using a safe digest, a large number of iterations and a large key length for PBKDF2. By default it uses sha512 with a 512-bit key and 120,000 iterations.

This is as recommended by OWASP.

Example

Generate new password hash

import passwordHash from 'pbkdf2-password-hash'

// generates random salt
passwordHash.hash('password')
  .then((hash) => {
    //> hash === 'sha512$120000$64$hBKkXNgl006VdFvQPyCawVYwdT78Uns1x0VnixvHHKfVzjS0Y0p58auWZ5AVV6MFGt/E1HaJ2MOqJSlKkaDspA==$zkq/ubSJoqflS23Ot5EkI6H+LE+D26p+6C0wtPHIr4HPVZPfXR/ZiflXAQ01b2uXCfHN8XUzOXWY9MqcvBYIog=='
  })

Generate password hash with different options

passwordHash.hash('password', {iterations: 100, digest: 'sha1', keylen: 16, saltlen: 16})
  .then((hash) => {
    //> hash === 'sha1$100$16$fwzPKhZjCQSZMz+hY7A29A==$KdGdduxkKd08FDUuUVDVRQ=='
  })

Validate password hash

const hash = 'sha512$120000$64$hBKkXNgl006VdFvQPyCawVYwdT78Uns1x0VnixvHHKfVzjS0Y0p58auWZ5AVV6MFGt/E1HaJ2MOqJSlKkaDspA==$zkq/ubSJoqflS23Ot5EkI6H+LE+D26p+6C0wtPHIr4HPVZPfXR/ZiflXAQ01b2uXCfHN8XUzOXWY9MqcvBYIog=='
passwordHash.compare('password', hash)
  .then((isValid) => {
    //> isValid === true
  })

API

hash(password, [salt], [opts])

Generate a new password hash for password using PBKDF2. Safety is obtained by using a safe digest, a large number of iterations and a large key length for PBKDF2.

Parameters

| parameter | type | description |
| --- | --- | --- |
| password | String | |
| [salt] | String | optional: salt |
| [opts.iterations=120000] | Number | optional: PBKDF2 number of iterations (~10 hashes/sec @ 2GHz) |
| [opts.digest=sha512] | String | optional: PBKDF2 digest |
| [opts.keylen=64] | Number | optional: PBKDF2 key length |
| [opts.saltlen=64] | Number | optional: salt length in case salt is not defined |

Returns Promise, hashed password in <digest>$<iterations>$<keylen>$<salt>$<hash> notation

compare(password, passwordHash)

Validate password against passwordHash.

Parameters

| parameter | type | description |
| --- | --- | --- |
| password | String | plain-text password |
| passwordHash | String | hashed password |

Returns Promise, true if hash matches password
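
The <digest>$<iterations>$<keylen>$<salt>$<hash> notation stores the PBKDF2 parameters next to each hash, so stored values can be checked against the settings currently in force. The following is an added example, not code from the package: POLICY, parseHash and auditHash are hypothetical names, the policy mirrors the defaults documented above, and the salt is assumed to be library-generated base64 as in the README samples.

```javascript
// Added example, not part of pbkdf2-password-hash: POLICY, parseHash and
// auditHash are hypothetical names. The policy mirrors the documented defaults.
const POLICY = { digests: ['sha512'], iterations: 120000, keylen: 64, saltlen: 64 };

// The two hash strings shown in the README examples above.
const README_DEFAULT = 'sha512$120000$64$hBKkXNgl006VdFvQPyCawVYwdT78Uns1x0VnixvHHKfVzjS0Y0p58auWZ5AVV6MFGt/E1HaJ2MOqJSlKkaDspA==$zkq/ubSJoqflS23Ot5EkI6H+LE+D26p+6C0wtPHIr4HPVZPfXR/ZiflXAQ01b2uXCfHN8XUzOXWY9MqcvBYIog==';
const README_WEAK = 'sha1$100$16$fwzPKhZjCQSZMz+hY7A29A==$KdGdduxkKd08FDUuUVDVRQ==';

// Split <digest>$<iterations>$<keylen>$<salt>$<hash> into typed fields.
function parseHash(stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 5) throw new Error('expected 5 "$"-separated fields');
  const [digest, iterations, keylen, salt, hash] = parts;
  if (!/^[1-9]\d*$/.test(iterations) || !/^[1-9]\d*$/.test(keylen)) {
    throw new Error('iterations and keylen must be positive integers');
  }
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(hash)) throw new Error('hash is not base64');
  return {
    digest,
    iterations: Number(iterations),
    keylen: Number(keylen),
    // Assumption: the salt was generated by the library and is base64, as in
    // the README samples; a caller-supplied salt string may not be.
    saltBytes: Buffer.from(salt, 'base64').length,
    hashBytes: Buffer.from(hash, 'base64').length,
  };
}

// Compare a stored hash's parameters with the policy and list what falls short.
function auditHash(stored, policy = POLICY) {
  const p = parseHash(stored);
  const findings = [];
  if (!policy.digests.includes(p.digest)) findings.push(`digest ${p.digest} not allowed`);
  if (p.iterations < policy.iterations) findings.push(`iterations ${p.iterations} < ${policy.iterations}`);
  if (p.keylen < policy.keylen) findings.push(`keylen ${p.keylen} < ${policy.keylen}`);
  if (p.saltBytes < policy.saltlen) findings.push(`salt ${p.saltBytes} bytes < ${policy.saltlen}`);
  if (p.hashBytes !== p.keylen) findings.push('hash length does not match keylen field');
  return { ...p, needsRehash: findings.length > 0, findings };
}

for (const stored of [README_DEFAULT, README_WEAK]) {
  const { digest, iterations, needsRehash, findings } = auditHash(stored);
  console.log(digest, iterations, needsRehash ? 'REHASH: ' + findings.join('; ') : 'ok');
}
```

When compare() succeeds for a stored value that this check flags, the password can be hashed again with hash() under the current options and the stored value replaced.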

Installation

Requires nodejs >= v6.0.0

$ npm install --save pbkdf2-password-hash

Tests

$ npm test

LICENSE

UNLICENSE https://unlicense.org

3.1.1 (7 months ago)
3.1.0 (2 years ago)
3.0.0 (2 years ago)
2.0.0 (6 years ago)
1.0.1 (7 years ago)
1.0.0 (7 years ago)