Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
unix-crypt-td-js
Advanced tools
The unix-crypt-td-js npm package is a JavaScript implementation of the traditional Unix crypt function, which is used for hashing passwords. It supports various hashing algorithms including DES, MD5, SHA-256, and SHA-512.
DES Hashing
This feature allows you to hash a password using the DES algorithm. The 'salt' parameter is used to perturb the hashing algorithm.
const unixCrypt = require('unix-crypt-td-js');
const hashedPassword = unixCrypt('password', 'salt');
console.log(hashedPassword);
MD5 Hashing
This feature allows you to hash a password using the MD5 algorithm. The salt parameter should start with '$1$' to indicate MD5 hashing.
const unixCrypt = require('unix-crypt-td-js');
const hashedPassword = unixCrypt('password', '$1$salt$');
console.log(hashedPassword);
SHA-256 Hashing
This feature allows you to hash a password using the SHA-256 algorithm. The salt parameter should start with '$5$' to indicate SHA-256 hashing.
const unixCrypt = require('unix-crypt-td-js');
const hashedPassword = unixCrypt('password', '$5$salt$');
console.log(hashedPassword);
SHA-512 Hashing
This feature allows you to hash a password using the SHA-512 algorithm. The salt parameter should start with '$6$' to indicate SHA-512 hashing.
const unixCrypt = require('unix-crypt-td-js');
const hashedPassword = unixCrypt('password', '$6$salt$');
console.log(hashedPassword);
bcrypt is a popular library for hashing passwords using the bcrypt algorithm. It is widely used for its security and ease of use. Unlike unix-crypt-td-js, bcrypt is specifically designed for password hashing and includes features like automatic salt generation and password comparison.
pbkdf2 is a library that implements the PBKDF2 (Password-Based Key Derivation Function 2) algorithm. It is used for securely hashing passwords and is considered more secure than traditional Unix crypt methods. It offers more flexibility in terms of iterations and key length.
argon2 is a modern and secure password hashing library that won the Password Hashing Competition in 2015. It is designed to be memory-hard to resist GPU cracking attacks. Argon2 offers more advanced security features compared to traditional Unix crypt methods.
Straightforward implementaiton of the DES-based Unix crypt(3) hash, based largely on crypt.c in the Seventh Edition Unix distribution released by Caldera Systems under a BSD-style license.
Running the Makefile requires the Google Closure Compiler installed on your path. Alternatively, you may use any JS Minifier you want.
Simple examples:
unixCryptTD('foob' /* pw */, 'ar' /* salt */) // === 'arlEKn0OzVJn.'
unixCryptTD([102, 111, 111, 98], 'ar') // === 'arlEKn0OzVJn.'
unixCryptTD([102, 111, 111, 98], [97, 114] // === 'arlEKn0OzVJn.'
unixCryptTD('foob', 'ar', true /* returnBytes */) // === [97, 114, 108, 69,
// 75, 110, 48, 79, 122, 86, 74, 110, 46]
Just run npm test
Tim Joseph Dumol <tim@timdumol.com>
BSD License:
Copyright(C) Tim Joseph F. Dumol 2011. All rights reserved. Derived from crypt.c in the Seventh Edition Unix distribution by Caldera International, which is Copyright(C) Caldera International Inc. 2001-2002. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code and documentation must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed or owned by Caldera International, Inc.
Neither the name of Caldera International, Inc. nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission.
USE OF THE SOFTWARE PROVIDED FOR UNDER THIS LICENSE BY CALDERA INTERNATIONAL, INC. AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL CALDERA INTERNATIONAL, INC. BE LIABLE FOR ANY DIRECT, INDIRECT INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,e BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
FAQs
Javascript implementation of the Unix crypt(3) DES-based hash
We found that unix-crypt-td-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.