shaker
v0.1.0shaker
shaker hashes and verifies passwords in a cryptographically secure way using PBKDF2.
Installation
$ npm install shaker
Quick start
First you need to integrate shaker into your application. For that add a reference to the shaker
module.
var shaker = require('shaker');
Hashing passwords
To hash a password call the generate
function and specify the password as well as a callback. The callback gets a randomly chosen salt and the key that was calculated using the password and this salt.
shaker.generate('secret', function (err, salt, key) {
// ...
});
Verifying passwords
To verify a password entered by the user you need the salt and the key that were generated by the generate
function. Using these values call the verify
function and additionally provide a callback that receives whether the password could be successfully verified or not.
shaker.verify('secret', salt, hash, function (err, verified) {
// ...
});
Please note that verifying artificially delays calling the callback for 250ms. This is to avoid brute force attacks by automatically guessing and trying random passwords.
Running the build
This module can be built using Grunt. Besides running the tests, this also analyses the code. To run Grunt, go to the folder where you have installed shaker and run grunt
. You need to have grunt-cli installed.
$ grunt
License
The MIT License (MIT) Copyright (c) 2014 the native web.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.