I am using bcrypt package to generate encrypt passwords. I am using the code below to encrypt the password:
let bcrypt = require('bcrypt');
var hash = bcrypt.hashSync(password, 10);
It returns different hash for same password. But my requirement is that I need same hash for same password. Please let me is it possible using bcrypt package. If not please suggest me different package that I can use?
EDIT:
I am using oauth2-server package. And with this package I am generation token. So in this package there is no way to compare the hash. As that work is handled internally by the package. So I am looking for package that can give me same hash.
Related
I know I can verify plain message with following code:
const verify = crypto.createVerify('sha256')
verify.write(Buffer.from(message, 'base64'))
verify.end()
const verified = verify.verify(publicKey, signatureToVerify, 'base64')
But I need to verify against the already hashed message, instead of node hashing it for me. Is it possible to do it with node's crypto module?
I'm currently generating JWT using node-jsonwebtoken in Node 4. When I'm trying to upgrade to Node 8, I'm unable to sign a JWT generated in Node 4 (using same secret & payload, the signature is different). This is a problem as I don't want to invalidate older tokens.
The problem comes from the node-jwa library, a dependency node-jws which is a dependency of node-jsonwebtoken. I referenced the issue on GitHub, and as you can see the author of the module is able to reproduce the issue. Here is the code if you want to test:
const crypto = require('crypto');
const jwa = require('jwa');
const secret = crypto.createHash('sha256').update('secret').digest('binary');
const payload = {
uid: 'test',
iat: 1455988418,
iss: 'test'
};
const algo = jwa('HS256');
const sig = algo.sign(payload, secret);
console.log(sig);
// Node v4 => "_zPq9vDP4_Ve0mTVTF_9H3NRkluQhoR4yAg8X4yqR8Q"
// Node v6 => "hk9bpxID-HOmvNpJUy7x80KqT5JP8tb_BoAJLYVIYsE"
As I understood, the problem is that the default encoding for digests was changed to utf8 in v5/v6. In v4 and earlier it was binary.
Cf => github.com/nodejs/node/issues/6813
As the maintener of node-jwa is no longer replying, I'm trying to find a workaround as I really don't want to be sticked in Node 4 forever (which is no longer LTS).
I've tried to find where to modify the node-jwa library so that it can sign in Node 8 my token the same way as Node 4 did.
Seems the line affecting my problem is here in the library => github.com/brianloveswords/node-jwa/blob/master/index.js#L35
I've tried to make a few changes, but was unable to make this work...
If you have any idea of a good workaround,
Thank you very much!
I created an app using MongoDB, NodeJS, Express.
I am using passport-local-mongoose for user authentication. Thus my users collection has:
* username
* password
* Salt
* Hash
Basically I created a web app and I'm trying to create 100 fake users just to populate the site (testing purposes).
After some initial research, I decided that creating JSON data then using MongoDB import would be the best approach (what do you think?)
My question is:
-- What is the best way to create a random username, password, salt, hash?
I was looking at this, but it doesn't have Hash https://www.npmjs.com/package/random-user
Then
https://www.npmjs.com/package/password-hash
But I can't get salt...
What would you do?
If it was me ( and I do this all the time just for the sake of testing) I'd go for a for loop :
for (var i=0; i <= 100; i++){
// add the user and pwd .you could even use math.random() to randomize your data
}
There's also an API called Faker , you can install it with npm . But above was only my quick method of doing things.
Good luck
My SuiteScript Service MyService.Service.ss file is attempting to use the Node.js library Crypto but I get the error Error: No crypto when I run my service.
Does the Node.js version that SCA uses not have the Crypto library installed? Do I need to explicitly add Crypto as a dependency to distro.json? If so where? Do I need to install Crypto? If so, any advice how - I'm new to Node.js.
I am using pretty much standard Crypto functions, see below for the code that causes the problem:
function service (request)
{
'use strict';
var crypto = require('crypto'); // Error here
var token = crypto.createHmac('md5', public_key)
.update(private_key)
.digest('hex');
...
}
Netsuite doesn't use the V8 engine so you are pretty much out of luck with crypto.
I've used Paul Johnston's md5 package for hmac calc for years and it is fast enough and interoperates well. Name says MD5 but it includes SHA-1,256,512 as well.
I'm using node.js 0.10.12. I have generated 2048-bit RSA keypairs that I store as .pem files locally.
Using the built-in 'crypto' library that comes with node, I am trying to decrypt a block of data encrypted with the public RSA key mentioned above.
I've gotten this far:
var privateKey = fs.readFileSync('private.pem', { encoding: 'utf8' });
var cryptOpt = { key: /* PEM encoded private key */ privKey };
var cred = crypto.createCredentials( cryptOpt );
var rsa = crypto.createDecipheriv( 'rsa', cred.?key-in-binary-format?, cred.?initialization vector? );
I'm not sure I'm on the right path here.
• I don't know where the key is stored in binary form inside 'cred'.
• I don't know what to put in initialization-vector parameter.
The data will be encrypted using standard libraries on iOS, which, to my knowledge, does not allow the user to specify an initialization vector when encrypting with RSA.
I haven't been able to extract much knowledge or understanding from the node.js crypto docs:
http://nodejs.org/api/crypto.html
As there isn't any asymmetric encryption happening in the nodejs, I think you are more or less lost in the woods. You will require another library if you want to encrypt anything with RSA. The openssl list-cipher-algorithms documentation that crypto.createCipher(algorithm, password) and crypto.createCipheriv(algorithm, key, iv) only lists symmetric algorithms such as AES and DES (etc.). An IV is only used for symmetric algorithms in general in either way. nodejs only seems to support RSA signing and verification.
I would really suggest to get deeper into the subject matter before continuing on your development path.