Pwd-shaker NPM

Jest coverage

pwd-shaker is a node.js library simpifying some routine tasks related to one-way password encryption (hash computing).

It is totally based on the standard crypto module and use no external dependencies.

As the basic feature here is to apply so called salt and pepper, it's named after the related condiment dispensers.

The library features two classes:

PasswordShaker implementing basic functionality;
PasswordShakerFile, the derived class with pepper kept in a file instead of RAM.

Installation

npm install pwd-shaker

Usage

const {PasswordShakerFile} = require ('pwd-shaker')

const shaker = new PasswordShakerFile ({
  path         : '/etc/this_information_system/secret_pepper',
  // order     : ['pepper', 'salt', 'pwd'],
  // algorithm : 'sha256',
  // encoding  : 'hex',
})

const {login, pwd} = //...available from input
const salt = shaker.sprinkle (32)
const hash = shaker.cook (pwd, salt)
// store login+hash+salt instead of login+pwd

//...then...

const {login, pwd} = //...available from input
const {hash, salt} = //...fetch by login
if (shaker.test (hash, pwd, salt)) {
  // auth OK
}
else {
  // kick out
}

password hash salt pepper

1.0.0

1 year ago