Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

crypto-pbkdf2

Package Overview
Dependencies
Maintainers
1
Versions
3
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

crypto-pbkdf2

CryptoJS' PBKDF2 rollup as a stand-alone npm package. Managed by David Murdoch

  • 0.1.1
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
15
decreased by-25%
Maintainers
1
Weekly downloads
 
Created
Source

crypto-PBKDF2

crypto.js' PBKDF2 standalone implementation for npm.

Usage (based on Stack Exchange's PBKDF2 implementation):

var CryptoJS = require("crypto-PBKDF2");

var DEFAULT_HASH_ITERATIONS = 4000;

var SALT_SIZE: 192/8;

var KEY_SIZE = 768/32;

/**
 * Convenience wrapper around CryptoJS.lib.WordArray.random to grab a new salt value.
 * Treat this value as opaque, as it captures iterations.
 *
 * @param {number} explicitIterations An integer
 * @return {string} Return iterations and salt together as one string ({hex-iterations}.{base64-salt})
*/
function generateSalt(explicitIterations){
    var defaultHashIterations = DEFAULT_HASH_ITERATIONS;

    if(explicitIterations !== null && explicitIterations !== undefined){
        // make sure explicitIterations is an integer
        if( parseInt(explicitIterations, 10) === explicitIterations ){
            throw new Error("explicitIterations must be an integer");
        }
        // and that it is smaller than our default hash iterations
        if( explicitIterations < DEFAULT_HASH_ITERATIONS){
            throw new Error("explicitIterations cannot be less than " + DEFAULT_HASH_ITERATIONS);
        }
    }

    // get some random bytes
    var bytes = CryptoJS.lib.WordArray.random(SALT_SIZE);

    // convert iterations to Hexadecimal
    var iterations = (explicitIterations || defaultHashIterations).toString(16);

    // concat the iterations and random bytes together.
    return iterations + "." + bytes.toString(CryptoJS.enc.Base64);
}

function hashPassword( value, salt ){
    var i = salt.indexOf(".");
    var iters = parseInt(salt.substring(0, i), 16);
    var key = CryptoJS.PBKDF2(value, salt, { "keySize": KEY_SIZE, "iterations": iters });

    return key.toString(CryptoJS.enc.Base64);
}

function checkPassword(candidate, salt, hashed){
    return hashPassword( candidate, salt ) === hashed;
}

/* Save BOTH the salt and the hashedPassword to your database so you can validate the password later */
var salt = generateSalt();
var hashedPassword = hashPassword( "password", salt );
var isPassword = checkPassword( "password", salt, hashedPassword ); // true

Keywords

FAQs

Package last updated on 21 Jun 2012

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc