We cannot directly store user password in the database.
What need to do is creating a hashed & salted string which reperstanting the user password.
This password is not reverable. And very hard for hacker to guess what is the origial password by using Dictionary Attacks.
var crypto = require('crypto'); var password = "monkey"; // randomBytes: generate a salt pre user, salt should be stored with hashed password in the database crypto.randomBytes(256, function(err, salt) { // pbkdf2: combine the salt the hash password algorithm, to generate a safe password crypto.pbkdf2(password, salt, 100000, 512, 'sha256', function(err, hash) { console.log("The result of hashing " + password + " is:\n\n" + hash.toString('hex') + "\n\n"); }); });
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
