Skip to content

Node.js module for verifying unixcrypt/SHA-512 password hashes

License

Notifications You must be signed in to change notification settings

scalgo/unixcrypt

 
 

Repository files navigation

Unixcrypt for Node.js

travis build codecov coverage version license

A Node.js module for encrypting and verifying passwords according to the SHA-256 and SHA-512 Crypt standard: https://www.akkadia.org/drepper/SHA-crypt.txt

Dependencies

This package has no external dependencies. It uses the cryptographic facilities built into Node.js.

For development, there are dependencies on TypeScript, Jest, Chai, ts-node.

Goals and motivation

I needed an implementation of SHA-512-crypt for another project (for compatibility purposes with an older project), and I wasn't happy with any of the already available packages. Another motivation was that I wanted to write a Node.js module in TypeScript. This seemed a perfect candidate as it's:

  • something that I need
  • a well known standard
  • plenty of tests already written

Installation

$ npm install unixcrypt

Usage

JavaScript

The JavaScript usage is similar to the TypeScript below, but you'll want to use the require("unixcrypt") construct instead of import ...

var unixcrypt = require("unixcrypt")

const plaintextPassword = "password"
const pwhash = unixcrypt.encrypt(plaintextPassword)

// verify password with generated hash
console.log(unixcrypt.verify(plaintextPassword, pwHash))
// true

TypeScript

import { encrypt, verify } from "unixcrypt"

const plaintextPassword = "password"

// without providing salt, random salt is used, and default number of rounds
const pwHash = encrypt(plaintextPassword)

// verify password with generated hash
console.log(verify(plaintextPassword, pwHash))
// true

// specify number of rounds
const moreRounds = encrypt(plaintextPassword, "$6$rounds=10000")
console.log(verify(plaintextPassword, moreRounds))
// true

// provide custom salt
const customSalt = encrypt(plaintextPassword, "$6$salt")
console.log(verify(plaintextPassword, customSalt))
// true

// or provide both rounds and salt
const customRoundsAndSalt = encrypt(plaintextPassword, "$6$rounds=10000$salt")
console.log(verify(plaintextPassword, moreRounds))
// true

// you can also use SHA-256
const sha256 = encrypt(plaintextPassword, "$5")
console.log(verify(plaintextPassword, sha256))
// true

Test

The tests are written with Chai, and Jest by way of ts-jest.

$ npm test

or

$ npm test:watch

to get automatic re-tests when files are changed.

About

Node.js module for verifying unixcrypt/SHA-512 password hashes

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • TypeScript 98.4%
  • JavaScript 1.6%