passwordless
Advanced tools
Comparing version
@@ -0,1 +1,12 @@ | ||
# 1.0.4 (2014-10-29) | ||
Bugfixes: | ||
- FIXED wrong capitalization of lib/passwordless folder | ||
Features: | ||
- UPDATE dependency of Base58 encoder to bs58 (pure JS) | ||
Documentation: | ||
- N/A | ||
# 1.0.3 (2014-10-25) | ||
@@ -2,0 +13,0 @@ |
@@ -6,2 +6,2 @@ 'use strict'; | ||
module.exports = new Passwordless(); | ||
module.exports.Passwordless = Passwordless; | ||
module.exports.Passwordless = Passwordless; |
@@ -5,3 +5,3 @@ 'use strict'; | ||
var crypto = require('crypto'); | ||
var base58 = require('base58-native'); | ||
var base58 = require('bs58'); | ||
@@ -8,0 +8,0 @@ /** |
{ | ||
"name": "passwordless", | ||
"version": "1.0.3", | ||
"version": "1.0.4", | ||
"description": "A node.js/express module for passwordless authentication", | ||
@@ -49,4 +49,4 @@ "main": "index.js", | ||
"dependencies": { | ||
"base58-native": "^0.1.4" | ||
"bs58": "^2.0.0" | ||
} | ||
} |
@@ -463,3 +463,3 @@ # Passwordless | ||
## The tokens and security | ||
By default, tokens are generated using 16 Bytes of pseudo-random data as produced by the cryptographically strong crypto library of Node.js. This can be considered strong enough to withstand brute force attacks especially when combined with a finite time-to-live (set by default to 1h). In addition, it is absolutely mandatory to store the tokens securely by hashing and salting them (done by default in TokenStores such as [MongoStore](https://github.com/florianheinemann/passwordless-mongostore). Security can be further enhanced by limiting the number of tries per user ID before locking that user out from the service for a certain amount of time. | ||
By default, tokens are generated using 16 Bytes of pseudo-random data as produced by the cryptographically strong crypto library of Node.js. This can be considered strong enough to withstand brute force attacks especially when combined with a finite time-to-live (set by default to 1h). In addition, it is absolutely mandatory to store the tokens securely by hashing and salting them (done by default with TokenStores such as [MongoStore](https://github.com/florianheinemann/passwordless-mongostore)). Security can be further enhanced by limiting the number of tries per user ID before locking that user out from the service for a certain amount of time. | ||
@@ -466,0 +466,0 @@ ## Further documentation |
48528
0.34%594
0.17%+ Added
+ Added
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed
- Removed