skyrpex · March 30, 2022 15:56
diff --git a/salt-hash-password.js b/salt-hash-password.js
 const crypto = require('crypto')
 const { promisify } = require('util')
 const pbkdf2 = promisify(crypto.pbkdf2)

 module.exports = { createHashPasswordFn, isPasswordCorrect }

 /**
 * @typedef {Object} HashPassword
 * @property {String} hash
 * @property {String} salt
 * @property {Number} iterations - HMAC digest: Iterations
 * @property {Number} keylength - HMAC digest: Key byte length
 * @property {String} digest - HMAC digest: algorithm, see crypto.getHashes()
 */

 /**
 * Create a hashPassword function
 * @param {Number} saltlength - Number of random salt bytes
 * @param {Number} iterations
 * @param {Number} keylength
 * @param {String} digest
 * @return {Function}
 */
 function createHashPasswordFn(saltlength, iterations, keylength, digest) {
  /**
   * Hash a password with a random salt
   * @param {String} password
   * @return {Promise<HashPassword>}
   */
  return async function hashPassword(password) {
    const salt = crypto.randomBytes(saltlength).toString('base64')
    const hashBuffer = await pbkdf2(password, salt, iterations, keylength, digest)
    const hash = hashBuffer.toString('hex')
    return { hash, salt, iterations, keylength, digest }
  }
 }

 /**
 * Compare password attempt to a saved salt-hash-password
 * @param {HashPassword} hashPassword - Saved salt-hash-password
 * @param {String} passwordAttempt - Plain text password attempt
 * @return {Promise<Boolean>}
 */
 async function isPasswordCorrect(hashPassword, passwordAttempt) {
  const hashBuffer = await pbkdf2(
    passwordAttempt,
    hashPassword.salt,
    hashPassword.iterations,
    hashPassword.keylength,
    hashPassword.digest
  )
  const hashAttempt = hashBuffer.toString('hex')
  return hashPassword.hash == hashAttempt
 }
diff --git a/usage.js b/usage.js
 const { createHashPasswordFn, isPasswordCorrect } = require('./salt-hash-password')

 ;(async function() {

  // Sane defaults for May 2018
  const hashPassword = createHashPasswordFn(128, 1e5, 64, 'sha512')

  // Result hash is different each time
  const pw1 = await hashPassword('s3cret_1')
  const pw2 = await hashPassword('s3cret_1')
  pw1.hash === pw2.hash
  //=> false

  // Succesful comparison when given the right password and salt-hash settings
  const pw3 = await hashPassword('s3cret_2')
  const result = await isPasswordCorrect(pw3, 's3cret_2')
  //=> true

 })()
	const crypto = require('crypto')
	const { promisify } = require('util')
	const pbkdf2 = promisify(crypto.pbkdf2)

	module.exports = { createHashPasswordFn, isPasswordCorrect }

	/**
	* @typedef {Object} HashPassword
	* @property {String} hash
	* @property {String} salt
	* @property {Number} iterations - HMAC digest: Iterations
	* @property {Number} keylength - HMAC digest: Key byte length
	* @property {String} digest - HMAC digest: algorithm, see crypto.getHashes()
	*/

	/**
	* Create a hashPassword function
	* @param {Number} saltlength - Number of random salt bytes
	* @param {Number} iterations
	* @param {Number} keylength
	* @param {String} digest
	* @return {Function}
	*/
	function createHashPasswordFn(saltlength, iterations, keylength, digest) {
	/**
	* Hash a password with a random salt
	* @param {String} password
	* @return {Promise<HashPassword>}
	*/
	return async function hashPassword(password) {
	const salt = crypto.randomBytes(saltlength).toString('base64')
	const hashBuffer = await pbkdf2(password, salt, iterations, keylength, digest)
	const hash = hashBuffer.toString('hex')
	return { hash, salt, iterations, keylength, digest }
	}
	}

	/**
	* Compare password attempt to a saved salt-hash-password
	* @param {HashPassword} hashPassword - Saved salt-hash-password
	* @param {String} passwordAttempt - Plain text password attempt
	* @return {Promise<Boolean>}
	*/
	async function isPasswordCorrect(hashPassword, passwordAttempt) {
	const hashBuffer = await pbkdf2(
	passwordAttempt,
	hashPassword.salt,
	hashPassword.iterations,
	hashPassword.keylength,
	hashPassword.digest
	)
	const hashAttempt = hashBuffer.toString('hex')
	return hashPassword.hash == hashAttempt
	}
	const { createHashPasswordFn, isPasswordCorrect } = require('./salt-hash-password')

	;(async function() {

	// Sane defaults for May 2018
	const hashPassword = createHashPasswordFn(128, 1e5, 64, 'sha512')

	// Result hash is different each time
	const pw1 = await hashPassword('s3cret_1')
	const pw2 = await hashPassword('s3cret_1')
	pw1.hash === pw2.hash
	//=> false

	// Succesful comparison when given the right password and salt-hash settings
	const pw3 = await hashPassword('s3cret_2')
	const result = await isPasswordCorrect(pw3, 's3cret_2')
	//=> true

	})()