Password Protection
For password protection we'll use bcrypt. bcrypt creates salted password hashes. Learn more about bcrypt: bcrypt wiki. Note that bcrypt hashes passwords in a deliberately slow way. It differs from fast hashing methods like MD5 by putting a roadblock (specifically, time) between the hash and a hacker: every guess has to pay the same cost the legitimate login pays. Let's see how this works.
To use bcrypt in Node we need to install the bcrypt npm module.
Install bcrypt
npm install bcrypt --save
Hash password
// example
const bcrypt = require('bcrypt');
bcrypt.hash('myPassword', 10, function(err, hash) {
  if (err) throw err;
  // hash = the salted, hashed password; store this, never the plaintext
});
bcrypt.hash() takes 3 parameters:
- Password to hash -- self explanatory
- Rounds -- number of rounds of processing used when generating the salt. The higher the number, the longer it takes to generate the hash, and the more secure the hash.
- Callback function (called when the hashing completes)
There's also a synchronous version of this function called bcrypt.hashSync.
Note about rounds: The higher the number, the longer it will take a potential hacker to crack the password via brute force. HOWEVER, it also takes longer to hash the password every time a user signs up or logs in. The default value of 10 takes less than a second. A value of 13 will take about a second. 25 will take about an hour and 30 will take DAYS to complete. The default value of 10 is perfectly fine for now.
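As an added example (not part of the original notes or the bcrypt module), here is how the rounds value the page discusses lives on inside every hash bcrypt produces, and how an application can use it later to upgrade old hashes when the policy cost is raised. The sample hash string is constructed to show the format and is not a real hash of any password; the upgradeOnLogin helper assumes the bcrypt npm module from the page is installed.

```javascript
// Added example: read the cost factor stored in a bcrypt hash and decide
// whether a stored hash needs re-hashing at a higher cost. The pure helpers
// run on Node's standard library alone; only upgradeOnLogin needs bcrypt.
'use strict';

// bcrypt output layout: $<version>$<cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Parse a bcrypt hash string into its fields; throws on anything else.
function parseBcryptHash(hash) {
  const m = BCRYPT_RE.exec(hash);
  if (!m) throw new Error('not a bcrypt hash');
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) throw new Error('cost out of range');
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Work relative to a baseline cost: each extra round doubles the time,
// which is why 13 is roughly 8x slower than the default 10 from the page.
function relativeWork(cost, baseline = 10) {
  return 2 ** (cost - baseline);
}

// True when the stored hash was made with fewer rounds than policy requires.
function needsRehash(storedHash, policyCost) {
  return parseBcryptHash(storedHash).cost < policyCost;
}

// On a successful login the plaintext is available, so that is the moment
// to replace an old, cheaper hash. Assumes the bcrypt npm module is installed
// (loaded lazily so the helpers above work without it). Hypothetical helper.
async function upgradeOnLogin(password, storedHash, policyCost) {
  const bcrypt = require('bcrypt');
  const ok = await bcrypt.compare(password, storedHash);
  if (!ok) return { ok: false, newHash: null };
  if (!needsRehash(storedHash, policyCost)) return { ok: true, newHash: null };
  return { ok: true, newHash: await bcrypt.hash(password, policyCost) };
}

// Constructed sample in bcrypt's format (not a real hash of any password): cost 10.
const SAMPLE_HASH =
  '$2b$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234';

module.exports = { parseBcryptHash, relativeWork, needsRehash, upgradeOnLogin, SAMPLE_HASH };
```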