New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
keyhasher - npm Package Compare versions
Comparing version 1.4.0 to 1.5.0
27
index.js
@@ -61,5 +61,30 @@ var {moreSalting} = require('./algos/somersault') | ||
| module.exports = {encrypt, decrypt, hash: sha256} | ||
| const hashCompare = function (data, hash){ | ||
| if (data == null || hash == null) { | ||
| throw new Error('Pass proper arguments'); | ||
| } | ||
| const buf1 = Buffer.from(data, 'utf8'); | ||
| const buf2 = Buffer.from(hash, 'utf8'); | ||
| // Using a constant-time comparison technique | ||
| let result = true; | ||
| if (buf1.length !== buf2.length) { | ||
| result = false; | ||
| } else { | ||
| for (let i = 0; i < buf1.length; i++) { | ||
| // Use bitwise XOR to compare the characters | ||
| result &= (buf1[i] === buf2[i]); | ||
| } | ||
| } | ||
| // Clear the buffer objects to remove sensitive data from memory | ||
| buf1.fill(0); | ||
| buf2.fill(0); | ||
| return result; | ||
| } | ||
| module.exports = {encrypt, decrypt, hash: sha256, hashCompare} | ||
| // const key = require('keyhasher'); | ||
@@ -66,0 +91,0 @@ |
| { | ||
| "name": "keyhasher", | ||
| "version": "1.4.0", | ||
| "description": "", | ||
| "main": "encrypthashop.js", | ||
| "version": "1.5.0", | ||
| "description": "Simple, effective, easy to implement encryption for JavaScript", | ||
| "main": "index.js", | ||
| "scripts": { | ||
@@ -13,3 +13,3 @@ "test": "echo \"Error: no test specified\" && exit 1" | ||
| }, | ||
| "homepage": "http://metatool.in/hash", | ||
| "homepage": "https://keyhasher.nated.in", | ||
| "keywords": [ | ||
@@ -20,3 +20,9 @@ "keyhasher", | ||
| "key hash", | ||
| "key hashing" | ||
| "key hashing", | ||
| "key encryption", | ||
| "password", | ||
| "auth", | ||
| "authentication", | ||
| "encryption", | ||
| "crypt" | ||
| ], | ||
@@ -23,0 +29,0 @@ "author": "igeek", |
| Simple, effective, easy to implement encryption for JavaScript | ||
|  | ||
| ## Installation | ||
| ``` | ||
| npm install keyhasher | ||
| ``` | ||
| ## Importing | ||
| ```javascript | ||
| const { encrypt, decrypt, hash } = require('keyhasher'); | ||
| ``` | ||
| ## Features | ||
@@ -20,2 +9,3 @@ | ||
| - Uses password numbers to Encrypt and Decrypt | ||
| - Hashes a string and then later compares with a input | ||
@@ -27,39 +17,32 @@ ## How to use: | ||
| - use 'hash()' function to finally hash the encrypted value, and later compare | ||
| - use 'hashCompare()' to compare user input password and previously stored hashed password, if match, authenticate | ||
| ```javascript | ||
| const { encrypt, decrypt, hash } = require('keyhasher'); | ||
| var hashAble = encrypt("Normal Sentence", process.env.PASSCODE); // encryption | ||
| console.log(`Hashed Phrase: ${hashAble}`) | ||
| var rawWord = decrypt("Hashed code", process.env.PASSCODE); // decryption | ||
| console.log(`Output: ${rawWord}`) | ||
| const hashed = hash(hashAble); // encryption + hashing | ||
| console.log(`Hashed: ${hashed}`) | ||
| ``` | ||
| ### Example 💡 | ||
| ```javascript | ||
| const { encrypt, decrypt, hash, hashCompare } = require('keyhasher'); | ||
| var hashAble = encrypt("Hi", 572); | ||
| console.log(`Hashed Phrase: ${hashAble}`) | ||
| var encryptedWord = encrypt("Normal Sentence", 572); // use code directly or use via .env | ||
| console.log(`Encrypted Phrase: ${encryptedWord}`) // Output: "QGFkX1NeEkVXYGZXYFVX" | ||
| // Hashed Phrase: X4A= | ||
| var rawWord = decrypt(encryptedWord, 572); // or use process.env.PASSCODE | ||
| console.log(`Output: ${rawWord}`) // Output: "Normal Sentence" | ||
| var rawWord = decrypt("X4A=", 572); | ||
| console.log(`Output: ${rawWord}`) | ||
| const hashed = hash(encryptedWord); // encryption + hashing | ||
| console.log(`Hashed: ${hashed}`) // Output: "5bf22a00c0df8757f68e700066bd56c5edffc4103f9587666ccbde062a0f52f5" | ||
| // Real Phrase: Hi | ||
| const isCorrect = hashCompare(hash('user given password'), hashed); // it hashes user input & compares with the hashed value stored in database | ||
| console.log(isCorrect); // returns a boolean | ||
| const hashed = hash(hashAble); | ||
| console.log(`Hashed: ${hashed}`) | ||
| ``` | ||
| // Hashed: 6ea0e40d8582b04ed49df26051a4359ce015cdddeaad6ddd54dc5540e130e3a7 | ||
| ## The hashCompare function | ||
| The hashCompare() function can't be affected with Timing attack. | ||
| ``` | ||
| Timing attacks are a type of attack that can be used to determine the contents of a secret string by measuring the time it takes to compare two strings character-by-character. To prevent timing attacks, Keyhasher uses a constant-time string comparison algorithm. | ||
| The use of Buffer in the implementation of the secure string comparison function is to convert the input strings into a format that can be easily compared byte-by-byte in a constant-time manner. Buffer is a built-in class in Node.js that provides a way to represent binary data in the form of a fixed-size sequence of bytes. | ||
| [©IndGeek](https://indgeek.com) | ||
| [©Soumya Mondal](https://soumyamondal.com) |
New alerts
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
Fixed alerts
No website
QualityPackage does not have a website.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.98%
54494
- Lines of code
- increased by3.3%
657
Worsened metrics
- Number of lines in readme file
- decreased by-26.98%
46
No dependency changes