You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This function takes the `input` string and creates a bcrypt hash using `bcryptRounds` param value. The bigger the value, the longer it takes to calculate the hash(the salt to be more exact). This makes it secure and resistant to brute force attacks.
The calculated hash is then encrypted with selected cipher and a password. You can pass any of the supported node.js cipher type. The resulting value is returned via a promise. In case of any error - the promise rejects with an error message.
This function first decrypts the `encryptedHash`. Obviously the `password` and `cipherType` should match the pair used to encrypt the hash. When it's successfully decrypted, bcrypt compares the plain text `input` with the decrypted hash value. If those values match, the promise returned from `compare()` resolves with `true`, otherwise - `false`. The promise rejects if an error occurs in any of the described steps.
The Dropbox model assumes that each user's password has its own, cryptographically strong salt and that it's stored with the hash. The salt generation is provided by bcrypt itself. You just need to store one token that consists of the hash and salt in a single string. To make the storage more secure, a global pepper - `password` - is applied to encrypt all users' hashes. To lift the passwords storage to another level you can rotate the global pepper periodically and re-encrypt all passwords once in a while with a new one.
