Credential V0.2.5 – Easy Password Hashing For Node



Credential is easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.

Employs cryptographically secure, per password salts to prevent rainbow table attacks. Key stretching is used to make brute force attacks impractical. A constant time verification check prevents variable response time attacks.

The latest version won’t throw if you try to hash or verify with an undefined or empty password. Instead, it passes an error into the callback so you can handle it more easily in your application.


npm install –save credential


var pw = require('credential'),
 newPassword ='password';
 if(err){throw err;}
 console.log('Store the password hash.', hash);


var pw = require('credential'),
 storedHash = '{"hash":"PJM0MHOz+qARffD4kJngkBlzGeR1U5ThUMx3aPW+qVokea7t5UhKXU8z8CTHTaf3MYLpnt/8dtdaCf7GxMUXr0cJ","salt":"oLfUniVJ9YcpNGzpAi8AQxzGzVBzC26AgsnmjNlEXWR6XGWl+08b+b5Px7jSebErDjkEuoovqkMpnk9D52gkA1M0","keyLength":66,"hashMethod":"pbkdf2","workUnits":60}',
 userInput = 'I have a really great password.';

pw.verify(storedHash, userInput, function (err, isValid) {
 var msg;
 if (err) { throw err; }
 msg = isValid ? 'Passwords match!' : 'Wrong password.';


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s