Security News
UK Officials Consider Banning Ransomware Payments from Public Entities
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Native implementation of Unix compatible DES/MD5/SHA256/SHA512 password hashing.
This is a native javascript implementation of Unix/Linux compatible password hashing. The currently implemented variants include legacy-DES (13 characters [./0-9A-Za-z]), extended-DES (underscore followed by 19 characters) MD5 ($1$), SHA256 ($5$), SHA512 ($6$), and BCrypt ($2a$).
const up = require('unixpass');
// Returns password hash using SHA256
up.crypt('mypassword', '$5$saltsaltmoresalt');
// Returns a password hash with autogenerated salt using SHA512
up.mkpass('mypassword');
// Returns true if password matches hash, false otherwise
up.check('mypassword', '$1$saltsalt$dfhjlwheucnsdicbnwuibnwicb');
Be aware that legacy-DES only cares about first 8 characters of the password. While no new passwords should be encrypted using that, it may be useful in validating some old stuff. Also, it is an interesting piece of history that deserves to be reimplemented also in js.
I don't like BCrypt and didn't even think that I'd ever implement it, but eventually did it anyways. The code does not implement any backward compatibilities for earlied bugs. Instead, it blindly accepts any currently known variant specifier, but performs the actual hashing identically. The maximum meaningful length of the UTF-8 encoded password in BCrypt is 72 bytes. Longer passwords are truncated.
Timo J. Rinne tri@iki.fi
GPL-2.0
FAQs
Native implementation of Unix compatible DES/MD5/SHA256/SHA512 password hashing.
The npm package unixpass receives a total of 542 weekly downloads. As such, unixpass popularity was classified as not popular.
We found that unixpass demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.