How to properly encrypt passwords in nodejs

Time:04-14

I'm trying to encrypt passwords in nodejs for a website using express.

Here is the function I use to encrypt the passwords:

const crypto = require('crypto');

// the problem
const key = crypto.randomBytes(32);
const iv = crypto.randomBytes(16);

function encrypt(str) {
    const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
    let encrypted = cipher.update(str, 'utf8', 'hex');
    encrypted += cipher.final('hex');
    console.log(encrypted);
    return encrypted;
}

The problem with this code is that if I were to restart this the key would be different and I would be getting different strings for the same password that's saved in the database. This wouldn't work out because I won't be able to test the password with the hash when a user submits when trying to log in.

How can I make it so that I will always receive the same encrypted string and is there a more secure way to do everything, maybe even other libraries that would do the job better?

CodePudding user response:

Normally with nodejs, bcryptjs is the more suggested module for password encryption and decryption.

Follow the link below for an example of BcryptJs

BcryptJs concept examples

CodePudding user response:

We can use crypto, a native nodejs module; check out the sample code below.

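const crypto = require('crypto');
// Random salt generated for this password; store it alongside the hash
const salt = crypto.randomBytes(16).toString('hex');
// PBKDF2 with 1000 iterations, 64-byte output, SHA-512
const hash = crypto.pbkdf2Sync("<password>", salt,
    1000, 64, `sha512`).toString(`hex`)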

Further sample code: https://www.geeksforgeeks.org/node-js-password-hashing-crypto-module/

Note: all cryptographic operations are CPU heavy; try using the async function whenever possible.
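
Added example (not part of the question or of either answer above): a hash-and-verify pair built on the same crypto.pbkdf2Sync call, showing how storing the salt and parameters with the hash lets a login check succeed after a restart without any server-side key. The function names, the "$"-separated storage format and the iteration count are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Assumed parameters for this example; tune the iteration count to your hardware.
const ITERATIONS = 210000;
const KEYLEN = 64;
const DIGEST = 'sha512';
const ALLOWED_DIGESTS = ['sha256', 'sha512'];
const HEX_BYTES = /^([0-9a-f]{2})+$/;

// Returns "pbkdf2$<digest>$<iterations>$<saltHex>$<hashHex>", one string per user row.
function hashPassword(password) {
    const salt = crypto.randomBytes(16); // fresh salt for every password
    const hash = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
    return ['pbkdf2', DIGEST, ITERATIONS, salt.toString('hex'), hash.toString('hex')].join('$');
}

// Recomputes the hash from the stored salt and parameters; true only on a match.
function verifyPassword(password, stored) {
    const parts = String(stored).split('$');
    if (parts.length !== 5 || parts[0] !== 'pbkdf2') return false;
    const [, digest, iterStr, saltHex, hashHex] = parts;
    const iterations = Number.parseInt(iterStr, 10);
    if (!ALLOWED_DIGESTS.includes(digest)) return false;
    if (!Number.isInteger(iterations) || iterations < 1) return false;
    if (!HEX_BYTES.test(saltHex) || !HEX_BYTES.test(hashHex)) return false;
    const expected = Buffer.from(hashHex, 'hex');
    const actual = crypto.pbkdf2Sync(
        password, Buffer.from(saltHex, 'hex'), iterations, expected.length, digest);
    // Constant-time comparison; both buffers have the same length by construction.
    return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample: the same password hashes to a different string each time,
// yet every stored string still verifies, including after a process restart.
const record = hashPassword('correct horse battery staple');
console.log(record);
console.log(verifyPassword('correct horse battery staple', record));
```

For request handlers, crypto.pbkdf2 is the asynchronous counterpart of pbkdf2Sync and keeps the event loop free while the hash is computed.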
