New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

pbkdf2-password

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

pbkdf2-password

Easy salt/password creation for Node.js, extracted from Mosca

  • 1.2.1
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
524
decreased by-85.35%
Maintainers
1
Weekly downloads
 
Created
Source

pbkdf2-password Build Status

Easy salt/password creation for Node.js, extracted from Mosca.

Usage

var bkfd2Password = require("pbkdf2-password");
var hasher = bkfd2Password();
var assert = require("assert");
var opts = {
  password: "helloworld"
};

hasher(opts, function(err, pass, salt, hash) {
  opts.salt = salt;
  hasher(opts, function(err, pass, salt, hash2) {
    assert.deepEqual(hash2, hash);

    // password mismatch
    opts.password = "aaa";
    hasher(opts, function(err, pass, salt, hash2) {
      assert.notDeepEqual(hash2, hash);
      console.log("OK");
    });
  });
});

API

### bkfd2Password(options)

Creates a new hasher functions, with the specified options.

Options:

  • saltLength, the length of the random salt
  • iterations, number of pbkdf2 iterations
  • keyLength, the length of the generated keys
  • digest, the digest algorithm, default 'sha1'
### hasher(opts, function(err, pass, salt, hash))

Hash a password, using a hash and the pbkd2 crypto module.

Options:

  • password, the password to hash.
  • salt, the salt to use, as a base64 string.

If the password is left undefined, a new 10-bytes password will be generated, and converted to base64.

If the salt is left undefined, a new salt is generated.

The callback will be called with the following arguments:

  • the error, if something when wrong.
  • the password.
  • the salt, encoded in base64.
  • the hash, encoded in base64.

License

MIT

Keywords

FAQs

Package last updated on 29 Sep 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

38% of CISOs Fear They’re Not Moving Fast Enough on AI

Security News

38% of CISOs Fear They’re Not Moving Fast Enough on AI

CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.

By Sarah Gooding  -  Feb 04, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc