node-login

New password hashing scheme: PBKDF2

Open SCG82 opened this issue 6 years ago • 1 comments

Fully backwards compatible. New user passwords will be hashed using PBKDF2 (10000 iterations, sha256, 16 byte salt) and stored in MongoDB (hash length 32) along with a pass_ver field (pass_ver = 1). Users with no pass_ver field (or pass_ver = 0) will be validated using MD5. I have been using this exact code in production with 1000+ users.

SCG82, Feb 10 '19 20:02
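The versioned check described in the issue above, as an added example (not code from node-login or from this issue's author). Only `pass_ver` and the PBKDF2 parameters come from the issue; the `salt`/`hash` field names and the legacy MD5 layout are assumptions. The re-hash after a successful legacy login goes beyond what the issue states.

```javascript
const crypto = require('crypto');

// Parameters stated in the issue: PBKDF2, 10000 iterations, sha256, 16-byte salt, 32-byte hash.
const PBKDF2 = { iterations: 10000, digest: 'sha256', saltLen: 16, keyLen: 32 };

// Build a pass_ver = 1 record. Field names other than pass_ver are assumptions.
function hashPassword(password) {
  const salt = crypto.randomBytes(PBKDF2.saltLen);
  const hash = crypto.pbkdf2Sync(password, salt, PBKDF2.iterations, PBKDF2.keyLen, PBKDF2.digest);
  return { pass_ver: 1, salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Assumed legacy layout (pass_ver missing or 0): hex MD5 of password + salt.
function legacyMd5(password, salt) {
  return crypto.createHash('md5').update(password + salt).digest('hex');
}

// Constant-time comparison of two hex strings; a length mismatch is a plain failure.
function safeEqualHex(a, b) {
  const x = Buffer.from(a, 'hex');
  const y = Buffer.from(b, 'hex');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Returns { ok, upgraded }: upgraded is a fresh pass_ver = 1 record when a legacy login succeeds.
function verifyPassword(password, record) {
  const ver = record.pass_ver || 0;
  if (ver === 1) {
    const salt = Buffer.from(record.salt, 'hex');
    const hash = crypto.pbkdf2Sync(password, salt, PBKDF2.iterations, PBKDF2.keyLen, PBKDF2.digest);
    return { ok: safeEqualHex(hash.toString('hex'), record.hash), upgraded: null };
  }
  if (ver === 0) {
    const ok = safeEqualHex(legacyMd5(password, record.salt), record.hash);
    return { ok, upgraded: ok ? hashPassword(password) : null };
  }
  return { ok: false, upgraded: null }; // unknown version: fail closed
}

// Constructed sample records, not real data.
const legacyUser = { salt: 'a1b2c3d4e5', hash: legacyMd5('hunter2-sample', 'a1b2c3d4e5') };
const newUser = hashPassword('hunter2-sample');
```

Persisting `upgraded` back to the user document after a successful legacy login lets the MD5 hashes drain out of the database as users sign in.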

I've incorporated similar changes in my new release of nogin, a fork of node-login. (Mentioning as there has been no activity or responses here.)

brettz9, May 25 '20 10:05