Which password encryption should I use with Node.js? Which one is more secure?


Viewed 3,134 times

1

I am taking a Node.js course, and in it the tutor uses md5 to encrypt the password. But I read in some articles that md5 is not very safe. Which is the most recommended to use with Node.js?

Thank you!

  • 1

    I believe the language does not interfere with the encryption to be used; take a look at that question

1 answer

5

A good package for this type of action is bcrypt, which generates passwords using salt.

The operation is simple. I will demonstrate using the following synchronous versions.

const bcrypt = require('bcryptjs');

const password = '123';

const salt = bcrypt.genSaltSync(10);
const hash = bcrypt.hashSync(password, salt);

// Store the `hash` in your database...

To check (compare) the hashes, use:

// Assuming `db_password` is the encrypted hash from the previous example:

const db_password = db.password; // Imagine this came from the database.

bcrypt.compareSync('123', db_password); // Will return true.
bcrypt.compareSync('456', db_password); // Will return false.

To learn more and better understand how it works, I suggest you take a look at the GitHub repository README:

  • 1

    +1 to use bcrypt and salt. I’ve used bcrypt not only to encrypt the password, but all the sensitive user information (name, phone, etc.) and messages exchanged via chat.

  • 1

    Regarding the comment above, bcrypt should not be used to encrypt a name or phone number, let alone chat messages. It is one-way HASHING, i.e., the only way to find the encrypted value is to guess the input value, as with the password. Other than that, it is a costly algorithm compared to encryption algorithms.
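
Added example, not from the original answer or the bcrypt project: it contrasts the unsalted md5 from the question with a salted, deliberately slow hash, and rejects malformed stored records. So that it runs with no packages installed, it substitutes scrypt from Node's built-in `crypto` module for bcrypt; `md5Hex`, `hashPassword`, `verifyPassword` and the `scrypt$salt$key` record layout are hypothetical names chosen here.

```javascript
// Added example: Node's built-in scrypt stands in for bcrypt (no npm install needed).
const { createHash, randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// What the course does: unsalted MD5. It is fast and deterministic,
// so identical passwords always produce identical stored values.
function md5Hex(password) {
  return createHash('md5').update(password, 'utf8').digest('hex');
}

const KEY_LEN = 32; // derived key length in bytes (value chosen for this example)

// Salted, deliberately slow hash. The record layout "scrypt$<salt>$<key>"
// is a hypothetical format for this example, not a standard.
function hashPassword(password) {
  const salt = randomBytes(16); // fresh random salt per password
  const key = scryptSync(password, salt, KEY_LEN);
  return `scrypt$${salt.toString('hex')}$${key.toString('hex')}`;
}

// Re-derive the key with the stored salt and compare in constant time.
// Malformed records return false instead of throwing.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  if (salt.length === 0 || expected.length !== KEY_LEN) return false;
  const actual = scryptSync(password, salt, KEY_LEN);
  return timingSafeEqual(actual, expected);
}

// Constructed sample: two users who picked the same password.
const alice = hashPassword('123');
const bob = hashPassword('123');
console.log('md5 identical for both users:', md5Hex('123') === md5Hex('123'));
console.log('salted records identical:', alice === bob);
console.log('correct password verifies:', verifyPassword('123', alice));
console.log('wrong password verifies:', verifyPassword('456', alice));
```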
