@skeggse
skeggse / crypto-pbkdf2-example.js
Last active September 22, 2024 06:41
Example of using crypto.pbkdf2 to hash and verify passwords asynchronously, while storing the hash and salt in a single combined buffer along with the original hash settings
var crypto = require('crypto');
// larger numbers mean better security, less
var config = {
  // size of the generated hash
  hashBytes: 32,
  // larger salt means hashed passwords are more resistant to rainbow table, but
  // you get diminishing returns pretty fast
  saltBytes: 16,
  // more iterations means an attacker has to take longer to brute force an
@mba7
mba7 / crypto-pbkdf2-promise-example.js
Last active October 12, 2020 14:39 — forked from skeggse/crypto-pbkdf2-example.js
Example of using crypto.pbkdf2 to hash and verify passwords asynchronously using bluebird promise, while storing the hash and salt in a single combined buffer along with the original hash settings
var Promise = require('bluebird');
var crypto = Promise.promisifyAll(require("crypto"));
// http://security.stackexchange.com/questions/110084/parameters-for-pbkdf2-for-password-hashing
var config = {
  hashBytes : 64, // size of the generated hash (to be chosen according to the chosen algo)
  saltBytes : 16, // size of the salt: a larger salt means hashed passwords are more resistant to rainbow tables
  iterations : 500000, // tune so that hashing the password takes about 1 second
  algo : 'sha512',
  encoding : 'base64' // hex is readable but base64 is shorter