auth-cipher
Advanced tools
Readme
A streaming authenticated cipher with sensible defaults.
npm install auth-cipher
var authCipher = require('auth-cipher');
var cipherStream = authCipher.cipher(new Buffer('password'));
var decipherStream = authCipher.decipher(new Buffer('password'));
something.pipe(cipherStream).pipe(something).pipe(decipherStream).pipe(somewhere);
An encrypt then hmac stratagy is used.
Encryption is provided by create-cipher which is just a thin wrapper around node createCipher but using pbkdf2 to derive the key and IV. A 16 byte salt with 1000 iterations are used to derive the key and IV, aes-256-ctr is used for the cipher suite.
Authentication is provided by hmac-stream which divides the message into chunks and hmacs them using a key also derived from the password pbkdf2 but with a different salt. The size of a chunk is variable up to a certain size and is designed to be secure first with secondary goal of a trade off between avoiding too much overhead (lots of 256 bit hmacs with data chunks that are shorter then their hash) and avoiding buffering, Sync Buffer Stream is used for this. The HMAC key is incremented after each chunk and extra data is put into the last chunk to differentiate it.
FAQs
streaming authenticated cipher
The npm package auth-cipher receives a total of 1 weekly downloads. As such, auth-cipher popularity was classified as not popular.
We found that auth-cipher demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.