Node.js
Node.js has multiple packages available that provide bcrypt; the most popular is a wrapper around the OpenBSD C library.
Installation
Installation is done with npm:
$ npm install bcrypt
Usage
The package allows for both asynchronous (recommended) and synchronous usage.
Asynchronous Usage
Hashing a Password
To hash a password asynchronously, we call bcrypt.hash():
var bcrypt = require('bcrypt');
bcrypt.hash('password', 10, function(err, hash) {
    // Store the hash
});
The first argument is the password, the second is the cost, and the last is a callback into which two arguments are passed:
err — Details any errors
hash — The resulting hash
This will automatically generate a salt, and use a cost of 10.
You can generate a salt manually using bcrypt.genSalt():
var bcrypt = require('bcrypt');
bcrypt.genSalt(10, function(err, salt) {
    bcrypt.hash("password", salt, function(err, hash) {
        // Store the hash
    });
});
Here we create a salt with a cost of 10, and call the bcrypt.hash() function inside the bcrypt.genSalt() callback.
Verifying a Password
To verify a password asynchronously, we call bcrypt.compare():
bcrypt.compare("password", hash, function(err, valid) {
    if (valid == true) {
        // password matches
    } else if (valid == false) {
        // password does not match
    }
});
We pass in the user-supplied password and the stored hash, as well as a callback that will receive two arguments:
err — Any errors
valid — Whether the password was valid or not
Synchronous Usage
Hashing a Password
To hash a password synchronously, do the following:
var bcrypt = require('bcrypt');
var hash = bcrypt.hashSync("password", 10);
Here we pass in the password, and a cost of 10. The salt is generated automatically. The resulting hash is returned directly.
We can also generate the salt manually, supplying the cost to the bcrypt.genSaltSync() function, and then passing the resulting salt to bcrypt.hashSync() in place of the cost.
var bcrypt = require('bcrypt');
var salt = bcrypt.genSaltSync(10);
var hash = bcrypt.hashSync("password", salt);
Verifying a Password
To verify a password synchronously, we simply pass the password and the stored hash to bcrypt.compareSync(). A boolean is returned:
var valid = bcrypt.compareSync("password", hash);
if (valid == true) {
    // password matches
} else if (valid == false) {
    // password does not match
}
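The hash string that bcrypt.hash() returns carries the version, cost and salt, which is why bcrypt.compare() needs only the password and the stored hash. The following added example (not code from the bcrypt package or the original page) parses that string to flag hashes stored below a target cost, and checks a password against bcrypt's 72-byte input limit. TARGET_COST, the function names and the sample hash are assumptions constructed for illustration.

```javascript
// Added example: inspect a stored bcrypt hash string without any dependency.
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest> (60 chars).
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Hypothetical policy value: the cost that newly created hashes should use.
const TARGET_COST = 12;

// Split a stored hash into its parts; returns null if it is not well formed.
function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(String(stored));
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return { version: m[1], cost: cost, salt: m[3], digest: m[4] };
}

// True when the stored value should be replaced with a fresh hash after the
// next successful login (cost below policy, or a value that does not parse).
function needsRehash(stored, targetCost) {
  const parsed = parseBcryptHash(stored);
  return !parsed || parsed.cost < targetCost;
}

// bcrypt only uses the first 72 bytes of its input, so two long passwords
// sharing a 72-byte prefix verify as equal. Count UTF-8 bytes, not characters.
function exceedsBcryptInput(password) {
  return Buffer.byteLength(password, 'utf8') > 72;
}

// Constructed sample with the right shape only; it is not the hash of any
// real password and will not verify against anything.
const SAMPLE_HASH = '$2b$10$' + 'A'.repeat(22) + 'B'.repeat(31);

console.log(parseBcryptHash(SAMPLE_HASH));
console.log('rehash needed:', needsRehash(SAMPLE_HASH, TARGET_COST));
console.log('too long:', exceedsBcryptInput('é'.repeat(37)));
```

In a login handler, needsRehash() would be consulted only after bcrypt.compare() reports a match, since that is the one moment the plaintext password is available to hash again at the higher cost.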