prehashed-bcrypt will handle pre-hashing a password before passing it to bcrypt. This avoids the issue of bcrypt having a 72 byte input limit, provided you choose a hashing algorithm that produces hashes shorter than 72 bytes (base64-encoded). SHA384 is a potentially good choice, producing hashes that are 64 bytes wide.
npm install --save prehashed-bcrypt
var prehashedBcrypt = require( 'prehashed-bcrypt' );
prehashedBcrypt.hash( password, 'sha384', function( error, hash ) {
// hash is now your hashed + salted + bcrypted password
prehashedBcrypt.check( password, 'sha384', hash, function( error, result ) {
// result is true, since the password hashed + bcrypt checked against
// the existing hash
} );
} );Hashes the input string using the selected node.js crypto hashing algorithm, then bcrypts the result. callback is a standard node.js callback: function( error, hash )
This checks the given string, pre-hashed using the given crypto algorithm against the specified existing hash. callback is a standard node.js callback: function( error, result )
result is true if the input matched, false otherwise.
Pull requests are very welcome! Just make sure your code:
-
Passes jshint given the included .jshintrc
-
Is beautified using jsbeautifier and the included .jsbeautifyrc
It's lame to have a limit on the length of your users passwords. Provided that the pre-hashing algorithm selected is strong, this should be of equivalent security, but allows for arbitrary length passwords.
See: http://security.stackexchange.com/a/6627
- Update README to avoid some markdown issues
- Initial release.