secure-hasher v1.2.0
Secure-Hasher
secure-hasher
is a Node.js library designed for secure password hashing utilizing the scrypt
algorithm, providing robust defense against brute-force attacks. It adopts a singleton pattern for ease of use across your application and is built to protect against timing attacks through its asynchronous operations.
Features
- Secure Hashing: Uses the
scrypt
algorithm for reliable password security. - Singleton Design: Ensures consistent usage throughout your application.
- Asynchronous Operations: Supports Promises for non-blocking execution.
- Timing Attack Protection: Implements measures to safeguard against timing vulnerabilities.
Prerequisites
To use secure-hasher
, you need to have Node.js version 16.0.0 or higher installed. This requirement ensures that all features and functionalities of secure-hasher
work as intended and take advantage of the latest improvements in Node.js.
You can check your current Node.js version by running node --version
in your terminal. If you need to update your Node.js, visit Node.js's official website or use your favorite version manager like nvm
or n
.
Installation
Install secure-hasher
with the following command:
npm install secure-hasher
Usage
ES6 Modules
Hashing a Password
Using Promises
import { SecureHasher } from 'secure-hasher';
const hasher = SecureHasher.getInstance();
const password = 'yourSuperSecretPassword';
const saltLength = 16;
hasher.hash(password, saltLength)
.then(hash => console.log(`Hashed password: ${hash}`))
.catch(error => console.error(`Error hashing password: ${error}`));
Using async/await
import { SecureHasher } from 'secure-hasher';
const hasher = SecureHasher.getInstance();
const saltLength = 16;
async function hashPassword(password) {
try {
const hash = await hasher.hash(password, saltLength);
console.log(`Hashed password: ${hash}`);
} catch (error) {
console.error('Hashing failed:', error);
}
}
// Example usage
hashPassword('yourSuperSecretPassword');
Verifying a Password
Using Promises
import { SecureHasher } from 'secure-hasher';
const hasher = SecureHasher.getInstance();
const password = 'yourSuperSecretPassword';
const hash = 'storedHash'; // Use the stored hash here
hasher.compare(password, hash)
.then(isMatch => console.log(`Password verification result: ${isMatch}`))
.catch(error => console.error(`Error verifying password: ${error}`));
Using async/await
import { SecureHasher } from 'secure-hasher';
async function verifyPassword(password, hash) {
try {
const isMatch = await hasher.compare(password, hash);
console.log(`Password match: ${isMatch}`);
} catch (error) {
console.error('Comparison failed:', error);
}
}
// Example usage
verifyPassword('yourSuperSecretPassword', 'storedHash'); // Replace 'storedHash' with your actual hash
CommonJS
Hashing a Password
Using async/await:
const { SecureHasher } = require('secure-hasher');
const hasher = SecureHasher.getInstance();
const saltLength = 16;
async function hashPassword(password) {
try {
const hash = await hasher.hash(password, saltLength);
console.log(`Hashed password: ${hash}`);
} catch (error) {
console.error('Hashing failed:', error);
}
}
// Example usage
hashPassword('yourSuperSecretPassword');
Verifying a Password
Using async/await:
const { SecureHasher } = require('secure-hasher');
async function verifyPassword(password, hash) {
try {
const isMatch = await hasher.compare(password, hash);
console.log(`Password match: ${isMatch}`);
} catch (error) {
console.error('Comparison failed:', error);
}
}
// Example usage
verifyPassword('yourSuperSecretPassword', 'storedHash'); // Replace 'storedHash' with your actual hash
API Reference
- getInstance(keyLength = 32): Retrieves the singleton instance of SecureHasher.
- hash(password, saltLength): Asynchronously hashes a password, returning the hash.
- compare(password, hash): Asynchronously compares a plaintext password with a hashed string, indicating a match with a boolean.
Testing
Run tests with
npm run test
Contributing
Contributions are highly appreciated. Feel free to fork the repository, make your enhancements, and submit a pull request for review.
License
secure-hasher
is open-source software licensed under the MIT License. For more details, see the LICENSE file in this repository, encouraging collaboration and reuse within the software development community.