I'm implementing an authenticated web app and I've some questions about username and password storage.
There is no possibility of implementing any TFA method and I need some expert advice about the way I'm saving in the database the hashed password and the salt.
These are my JS functions to generate the salt and the way I hash the password:
createSalt = function() {
var len = 30;
return crypto.randomBytes(Math.ceil(len * 3 / 4))
.toString('base64') // convert to base64 format
.slice(0, len) // return required number of characters
.replace(/\+/g, '0') // replace '+' with '0'
.replace(/\//g, '0'); // replace '/' with '0'
}
hashPassword = function(password, salt) {
var hash = crypto.createHash('sha256');
hash.update(password || "");
hash.update(salt || "");
return hash.digest('hex');
}
Any comment or improvement?
Thanks in advice.
via Pablo
No comments:
Post a Comment