7

What's the best way to implement password hashing and verification in node.js using only the built-in crypto module. Basically what is needed:

function passwordHash(password) {} // => passwordHash
function passwordVerify(password, passwordHash) {} // => boolean

People usually are using bcrypt or other third-party libs for this purpose. I wonder isn't built-in crypto module huge enough already to cover at least all basic needs?

There's scrypt(), which appears to be the right guy for this purpose, but there's no verified counterpart and nobody seems to care.

Yilmaz
  • 35,338
  • 10
  • 157
  • 202
disfated
  • 10,633
  • 12
  • 39
  • 50

3 Answers3

12
import { scrypt, randomBytes, timingSafeEqual } from "crypto";
import { promisify } from "util";

// scrypt is callback based so with promisify we can await it
const scryptAsync = promisify(scrypt);

Hashing process has two methods. First method, you hash the password, second method, you need to compare the new sign-in password with the stored password. I use typescript to write everything in detail

export class Password {

  static async hashPassword(password: string) {
    const salt = randomBytes(16).toString("hex");
    const buf = (await scryptAsync(password, salt, 64)) as Buffer;
    return `${buf.toString("hex")}.${salt}`;
  }

  static async comparePassword(
    storedPassword: string,
    suppliedPassword: string
  ): Promise<boolean> {
    // split() returns array
    const [hashedPassword, salt] = storedPassword.split(".");
    // we need to pass buffer values to timingSafeEqual
    const hashedPasswordBuf = Buffer.from(hashedPassword, "hex");
    // we hash the new sign-in password
    const suppliedPasswordBuf = (await scryptAsync(suppliedPassword, salt, 64)) as Buffer;
    // compare the new supplied password with the stored hashed password
    return timingSafeEqual(hashedPasswordBuf, suppliedPasswordBuf);
  }
}

Test it:

Password.hashPassword("123dafdas")
  .then((res) => Password.comparePassword(res, "123edafdas"))
  .then((res) => console.log(res));
Yilmaz
  • 35,338
  • 10
  • 157
  • 202
  • 4
    You may want to use `crypto.timingSafeEqual` to compare – disfated Apr 11 '21 at 06:29
  • 2
    Shouldn't that be `randomBytes(16)`, not `8`? Even the official Node docs themselves recommend a 16 byte (minimum) salt. – machineghost Jun 19 '22 at 21:26
  • 1
    Here's the source for @machineghost's comment: [*"The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details."*](https://nodejs.org/api/crypto.html#cryptoscryptpassword-salt-keylen-options-callback) – Advena Jan 19 '23 at 08:09
1

It is quite an interesting thread, and different solutions are provided. After my findings, I propose a solution based on the Easy profiling for Node.js Applications

See the sample code below.

// add new user
app.get('/newUser', (req, res) => {
  let username = req.query.username || '';
  const password = req.query.password || '';

  username = username.replace(/[!@#$%^&*]/g, '');

  if (!username || !password || users[username]) {
    return res.sendStatus(400);
  }

  const salt = crypto.randomBytes(128).toString('base64');
  const hash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');

  users[username] = { salt, hash };

  res.sendStatus(200);
});

validating user authentication attempts

// validating user authentication attempts
app.get('/auth', (req, res) => {
  let username = req.query.username || '';
  const password = req.query.password || '';

  username = username.replace(/[!@#$%^&*]/g, '');

  if (!username || !password || !users[username]) {
    return res.sendStatus(400);
  }

  const { salt, hash } = users[username];
  const encryptHash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');

  if (crypto.timingSafeEqual(hash, encryptHash)) {
    res.sendStatus(200);
  } else {
    res.sendStatus(401);
  }
});

Please note that these are NOT recommended handlers for authenticating users in your Node.js applications and are used purely for illustration purposes. You should not be trying to design your own cryptographic authentication mechanisms in general. It is much better to use existing, proven authentication solutions.

damisparks
  • 93
  • 1
  • 10
0
const password = "my_password"; 

// Creating a unique salt for a particular user
const salt = crypto.randomBytes(16).toString('hex'); 
  
// Hash the salt and password with 1000 iterations, 64 length and sha512 digest 
const hash = crypto.pbkdf2Sync(password, salt, 1000, 64, 'sha512').toString('hex');

Store both salt and hash for the user in DB.

const re_entered_password = "my_password";

// To verify the same - salt (stored in DB) with same other parameters used while creating hash (1000 iterations, 64 length and sha512 digest)
const newHash = crypto.pbkdf2Sync(re_entered_password, salt, 1000, 64, 'sha512').toString('hex');

// check if hash (stored in DB) and newly generated hash (newHash) are the same
hash === newHash;
Prathap Reddy
  • 1,688
  • 2
  • 6
  • 18
  • Thanks for the contribution. I see two drawbacks here (not an expert, though). 1) Requirement to store salt while I believe it's already stored somehow in hash 2) Verify function shouldn't have the same computational complexity as the hashing function. – disfated Jul 15 '20 at 07:58
  • 1) IMHO we can't extract `salt` directly from `hash`. We can store both `salt` and `hash` in one field (salt+hash) like [other crypt libraries](https://stackoverflow.com/questions/5881169/what-column-type-length-should-i-use-for-storing-a-bcrypt-hashed-password-in-a-d) do. 2) I am not exactly sure on the shortcut methods to verify the same. To the best of my knowledge, we should recreate `hash` with same computational complexity to verify if it's same as the `hash` present in DB. Hope [this answer](https://stackoverflow.com/a/17201493) clear the air for you. – Prathap Reddy Jul 15 '20 at 08:41
  • Hey @disfated, did you manage to get any simple solutions? I am little curious to know. Could you please help posting the answer if any. Thanks. – Prathap Reddy Jul 30 '20 at 09:54