1.2.0 • Published 4 years ago

psswd-encrypt v1.2.0

Weekly downloads
-
License
ISC
Repository
github
Last release
4 years ago

psswd-encrypt

psswd-encrypt is a basic password encryption package.

The technique it uses is the Salt and Pepper hash encryption. Basically it takes a password string, and concatenate with two more random strings (the salt and pepper).

I've written the function so that you can store the Salt, but the pepper is randomly generated with random characters, and the amount is chosen by you.

This further improves the encryption, so that, if someone has access to your database, for example, they will only have access to the pepper and not the salt, so this means you can create a internal salt key, it's up to you what the salt will be.

1.2.0

Previously there was no way to recreate a encryption based on a existing pepper. Now there is two methods:

psswdEncrypt.RPEncrypt(password, salt, pepperN) //Receives a number for a random pepper

psswdEncrypt.EPEncrypt(password, salt, pepper) //Receives a specific pepper string (can be used to recreate a previous encryption)

  • RPEncrypt() stands for Random Pepper Encryption
  • EPEncrypt() stands for Existing Pepper Encryption

Usage

npm

npm install psswd-encrypt

The usage is as simple as calling a single function.

The function requires 2 statements with one optional statement.

  1. The main string that will be encrypted (Required)
  2. A key, can be any string that you can save for easy access later. (Required)
  3. A integer for the number for a additional number of random characters for further complex encryption. (Optional)
import psswdEncrypt from 'psswd-encrypt'

const password = 'password';
const saltKey = 'saltKey';
const pepperN = 2; //This will return a random two character string

console.log(psswdEncrypt.RPEncrypt(password, saltKey, pepperN));

//The function returns a object.

{
    password: 'password',
    salt: 'saltKey',
    pepper: 'Oa', //A example of the random characters
    encryptedString: 'passwordsaltKeyOa',
    hash: '256bit hash generated by the encryptedString variable'
}

NOTE

There's no way to decrypt the hash, to compare the passwords and allow access in a login situation, you should simply create a new hash with the password input and compare with the encrypted one (using the EPEncrypt() method) in your database. A string will always have the same results, as long it is exactly the same.

passwordencryptionhash
1.2.0

4 years ago

1.1.2

4 years ago

1.1.1

4 years ago

1.1.0

4 years ago

1.0.1

4 years ago

1.0.0

4 years ago