Skip to content
/ bcrypt.js Public
forked from dcodeIO/bcrypt.js

Optimized bcrypt in plain JavaScript with zero dependencies.

dcode.io

License

Apache-2.0 license
0 stars 275 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sato-shi/bcrypt.js

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

33 Commits
bin
bin
 
 
dist
dist
 
 
externs
externs
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
bcrypt.png
bcrypt.png
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

bcrypt.js - bcrypt in plain JavaScript

Optimized bcrypt in plain JavaScript with zero dependencies. Compiled through Closure Compiler using advanced optimizations, 100% typed code. Compatible to the C++ bcrypt binding and also working in the browser.

Features Build Status

  • CommonJS/node.js compatible (via crypto), also available via npm
  • Shim/browser compatible (via WebCryptoAPI)
  • RequireJS/AMD compatible
  • Zero production dependencies
  • Small footprint
  • Closure Compiler externs included

Security considerations

Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computation power. (see)

While bcrypt.js is compatible to the C++ bcrypt binding, it is written in pure JavaScript and thus slower, effectively reducing the number of iterations that can be processed in an equal time span.

Usage

node.js

npm install bcryptjs

var bcrypt = require('bcryptjs');
...

RequireJS/AMD

require.config({
    "paths": {
        "bcrypt": "/path/to/bcrypt.js"
    }
});
require(["bcrypt"], function(bcrypt) {
    ...
});

Shim/browser

<script src="//raw.github.com/dcodeIO/bcrypt.js/master/bcrypt.min.js"></script>
var bcrypt = dcodeIO.bcrypt;
...

Usage - Sync

To hash a password:

var bcrypt = require('bcryptjs');
var salt = bcrypt.genSaltSync(10);
var hash = bcrypt.hashSync("B4c0/\/", salt);
// Store hash in your password DB.

To check a password:

// Load hash from your password DB.
bcrypt.compareSync("B4c0/\/", hash); // true
bcrypt.compareSync("not_bacon", hash); // false

Auto-gen a salt and hash:

var hash = bcrypt.hashSync('bacon', 8);

Usage - Async

To hash a password:

var bcrypt = require('bcryptjs');
bcrypt.genSalt(10, function(err, salt) {
    bcrypt.hash("B4c0/\/", salt, function(err, hash) {
        // Store hash in your password DB.
    });
});

To check a password:

// Load hash from your password DB.
bcrypt.compare("B4c0/\/", hash, function(err, res) {
    // res == true
});
bcrypt.compare("not_bacon", hash, function(err, res) {
    // res = false
});

Auto-gen a salt and hash:

bcrypt.hash('bacon', 8, function(err, hash) {
});

API

bcrypt

bcrypt namespace.

bcrypt.genSaltSync(rounds*, seed_length*)

Synchronously generates a salt.

Name Type Description
rounds* number Number of rounds to use, defaults to 10 if omitted
seed_length* number Not supported.
returns string Resulting salt

bcrypt.genSalt(rounds*, seed_length*, callback*)

Asynchronously generates a salt.

Name Type Description
rounds* (number ¦ function(Error, ?string)) Number of rounds to use, defaults to 10 if omitted
seed_length* (number ¦ function(Error, ?string)) Not supported.
callback* function(Error, ?string) Callback receiving the error, if any, and the resulting salt

bcrypt.hashSync(s, salt*)

Synchronously generates a hash for the given string.

Name Type Description
s string String to hash
salt* (number ¦ string) Salt length to generate or salt to use, default to 10
returns ?string Resulting hash, actually never null

bcrypt.hash(s, salt, callback)

Asynchronously generates a hash for the given string.

Name Type Description
s string String to hash
salt number ¦ string Salt length to generate or salt to use
callback function(Error, ?string) Callback receiving the error, if any, and the resulting hash

bcrypt.compareSync(s, hash)

Synchronously tests a string against a hash.

Name Type Description
s string String to compare
hash string Hash to test against
returns boolean true if matching, otherwise false
throws Error If an argument is illegal

bcrypt.compare(s, hash, callback)

Asynchronously compares the given data against the given hash.

Name Type Description
s string Data to compare
hash string Data to be compared to
callback function(Error, boolean) Callback receiving the error, if any, otherwise the result
throws Error If the callback argument is invalid

bcrypt.getRounds(hash)

Gets the number of rounds used to encrypt the specified hash.

Name Type Description
hash string Hash to extract the used number of rounds from
returns number Number of rounds used
throws Error If hash is not a string

bcrypt.getSalt(hash)

Gets the salt portion from a hash.

Name Type Description
hash string Hash to extract the salt from
returns string Extracted salt part portion
throws Error If hash is not a string or otherwise invalid

Command line

Usage: bcrypt <input> [salt]

If the input has spaces inside, simply surround it with quotes.

Downloads

Credits

Based on work started by Shane Girish at bcrypt-nodejs (MIT-licensed), which is itself based on javascript-bcrypt (New BSD-licensed).

License

Apache License, Version 2.0 if not stated otherwise

About

Optimized bcrypt in plain JavaScript with zero dependencies.

dcode.io

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published