unixpass

In A Nutshell

This is a native javascript implementation of Unix/Linux compatible password hashing. The currently implemented variants include legacy-DES (13 characters [./0-9A-Za-z]), extended-DES (underscore followed by 19 characters) MD5 ($1$), SHA256 ($5$), SHA512 ($6$), and BCrypt ($2a$).

Usage

const up = require('unixpass');

// Returns password hash using SHA256
up.crypt('mypassword', '$5$saltsaltmoresalt');

// Returns a password hash with autogenerated salt using SHA512
up.mkpass('mypassword');

// Returns true if password matches hash, false otherwise
up.check('mypassword', '$1$saltsalt$dfhjlwheucnsdicbnwuibnwicb');

Caution!

Be aware that legacy-DES only cares about first 8 characters of the password. While no new passwords should be encrypted using that, it may be useful in validating some old stuff. Also, it is an interesting piece of history that deserves to be reimplemented also in js.

BCrypt

I don't like BCrypt and didn't even think that I'd ever implement it, but eventually did it anyways. The code does not implement any backward compatibilities for earlied bugs. Instead, it blindly accepts any currently known variant specifier, but performs the actual hashing identically. The maximum meaningful length of the UTF-8 encoded password in BCrypt is 72 bytes. Longer passwords are truncated.

Author

Timo J. Rinne tri@iki.fi

License

GPL-2.0