31 lines
950 B
JavaScript
31 lines
950 B
JavaScript
import { randomBytes, pbkdf2Sync, randomInt } from 'node:crypto';
|
|
|
|
// Settings (tune as needed)
|
|
const ITERATIONS = 100_000; // Slow enough to deter brute force
|
|
const KEYLEN = 64; // 512-bit hash
|
|
const DIGEST = 'sha512';
|
|
|
|
/**
|
|
* Generate a hash from a plaintext password.
|
|
* @param {String} password
|
|
* @returns String
|
|
*/
|
|
export function hash(password) {
|
|
const salt = randomBytes(16).toString('hex'); // 128-bit salt
|
|
const hash = pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST).toString('hex');
|
|
return `${ITERATIONS}:${salt}:${hash}`;
|
|
}
|
|
|
|
/**
|
|
* Verify that a password is correct against a given hash.
|
|
*
|
|
* @param {String} password
|
|
* @param {String} hashed_password
|
|
* @returns Boolean
|
|
*/
|
|
export function verify(password, hashed_password) {
|
|
const [iterations, salt, hash] = hashed_password.split(':');
|
|
const derived = pbkdf2Sync(password, salt, Number(iterations), KEYLEN, DIGEST).toString('hex');
|
|
return hash === derived;
|
|
}
|