# Hashing
# Introduction
The ExpressWebJs Hash module provides secure Bcrypt and Argon2 hashing for storing user passwords. Bcrypt is used for registration and authentication by default, but you are free to use Argon2 instead.
Bcrypt is a great choice for hashing passwords because its "work factor" is adjustable, which means that the time it takes to generate a hash can be increased as hardware power increases. When hashing passwords, slow is good. The longer an algorithm takes to hash a password, the longer it takes malicious users to generate "rainbow tables" of all possible string hash values that may be used in brute force attacks against applications.
# Configuration
You can configure the driver of your choice inside the Config/Hashing.ts file.
```typescript
import env from "Elucidate/ENV";

export default {
  /*
  |--------------------------------------------------------------------------
  | Default Hash Driver
  |--------------------------------------------------------------------------
  |
  | This option controls the default hash driver that will be used to hash
  | passwords for your application. By default, the bcrypt algorithm is
  | used; however, you remain free to modify this option if you wish.
  |
  | Supported: "bcrypt", "argon".
  |
  */
  driver: "bcrypt",

  /*
  |--------------------------------------------------------------------------
  | Bcrypt Options
  |--------------------------------------------------------------------------
  | npm install bcrypt
  |--------------------------------------------------------------------------
  | Here you may specify the configuration options that should be used when
  | passwords are hashed using the Bcrypt algorithm. This will allow you
  | to control the amount of time it takes to hash the given password.
  |
  */
  bcrypt: {
    rounds: env("BCRYPT_ROUNDS", 10),
  },

  /*
  |--------------------------------------------------------------------------
  | Argon Options
  |--------------------------------------------------------------------------
  | npm install argon
  |--------------------------------------------------------------------------
  | Here you may specify the configuration options that should be used when
  | passwords are hashed using the Argon algorithm. These will allow you
  | to control the amount of time it takes to hash the given password.
  |
  */
  argon: {
    hashLength: 32,
    timeCost: 3,
    memory: 4096,
    parallelism: 1,
    type: "argon2i",
  },
};
```
# Hashing values
# make
The Hash.make method accepts a string value.
```typescript
import Hash from "Elucidate/Hashing/Hash";

const hashedPassword = await Hash.make(user.password);
```
# verify
The check method provided by the Hash module allows you to verify that a given plain-text string corresponds to a given hash:
```typescript
import Hash from "Elucidate/Hashing/Hash";

// hashedPassword is the stored hash previously produced by Hash.make.
const matches = await Hash.check("plain-text", hashedPassword);
```
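Raising `BCRYPT_ROUNDS` or the Argon options only affects hashes created afterwards; a hash that is already stored keeps the parameters it was created with. The following added example (not part of ExpressWebJs; `parseHashParams` and `needsRehash` are hypothetical helper names) reads the cost parameters embedded in a stored hash and reports whether it should be re-created with `Hash.make` after a successful `Hash.check`. It assumes the drivers emit the standard bcrypt `$2b$` string and the Argon2 PHC string format.

```typescript
// Added example: hypothetical helpers, not part of ExpressWebJs.
type HashConfig = {
  driver: "bcrypt" | "argon";
  bcrypt: { rounds: number };
  argon: { timeCost: number; memory: number; parallelism: number; type: string };
};
type Params =
  | { algo: "bcrypt"; rounds: number }
  | { algo: "argon"; type: string; memory: number; timeCost: number; parallelism: number };

// Same values as the Config/Hashing.ts shown on this page (env lookup omitted).
const config: HashConfig = {
  driver: "bcrypt",
  bcrypt: { rounds: 10 },
  argon: { timeCost: 3, memory: 4096, parallelism: 1, type: "argon2i" },
};

// Constructed samples: correct layout, placeholder salt and digest characters.
const sampleBcrypt10 = "$2b$10$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234";
const sampleArgon2i = "$argon2i$v=19$m=4096,t=3,p=1$Y29uc3RydWN0ZWRzYWx0$Y29uc3RydWN0ZWRkaWdlc3Q";

// Read the cost parameters embedded in a stored hash string; null if unrecognised.
function parseHashParams(stored: string): Params | null {
  // bcrypt: $2b$<two-digit cost>$<22-char salt><31-char digest>
  const b = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/.exec(stored);
  if (b) return { algo: "bcrypt", rounds: Number(b[1]) };
  // Argon2 PHC string: $argon2i$v=19$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<digest>
  const a = /^\$(argon2(?:id|i|d))\$v=\d+\$m=(\d+),t=(\d+),p=(\d+)\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$/.exec(stored);
  if (!a) return null;
  return { algo: "argon", type: String(a[1]), memory: Number(a[2]),
           timeCost: Number(a[3]), parallelism: Number(a[4]) };
}

// True when a stored hash no longer meets the configured driver and cost.
function needsRehash(stored: string, cfg: HashConfig): boolean {
  const p = parseHashParams(stored);
  if (p === null || p.algo !== cfg.driver) return true; // unknown format or driver changed
  if (p.algo === "bcrypt") return p.rounds < cfg.bcrypt.rounds;
  return p.type !== cfg.argon.type || p.memory < cfg.argon.memory ||
         p.timeCost < cfg.argon.timeCost || p.parallelism !== cfg.argon.parallelism;
}

// Raising the work factor from 10 to 12 flags every hash created at cost 10.
const raised: HashConfig = { ...config, bcrypt: { rounds: 12 } };
console.log(needsRehash(sampleBcrypt10, config), needsRehash(sampleBcrypt10, raised));
```

Run the check only after the password has been verified, since that is the one moment the plain-text value is available to hash again.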