This repository has been archived by the owner on Aug 30, 2021. It is now read-only.

Use Scrypt for password hashes
pontifier committed Oct 11, 2013
1 parent 4825f44 commit 5022bc2
Showing 2 changed files with 9 additions and 16 deletions.
20 changes: 6 additions & 14 deletions app/models/user.js
Expand Up @@ -4,6 +4,7 @@
var mongoose = require('mongoose'),
Schema = mongoose.Schema,
crypto = require('crypto'),
scrypt = require('scrypt'),
_ = require('underscore'),
authTypes = ['github', 'twitter', 'facebook', 'google'];

Expand All @@ -17,7 +18,6 @@ var UserSchema = new Schema({
username: String,
provider: String,
hashed_password: String,
salt: String,
facebook: {},
twitter: {},
github: {},
Expand All @@ -29,7 +29,6 @@ var UserSchema = new Schema({
*/
UserSchema.virtual('password').set(function(password) {
this._password = password;
this.salt = this.makeSalt();
this.hashed_password = this.encryptPassword(password);
}).get(function() {
return this._password;
Expand Down Expand Up @@ -92,18 +91,9 @@ UserSchema.methods = {
* @api public
*/
authenticate: function(plainText) {
return this.encryptPassword(plainText) === this.hashed_password;
return scrypt.verifyHashSync(this.hashed_password, plainText);
},

/**
* Make salt
*
* @return {String}
* @api public
*/
makeSalt: function() {
return Math.round((new Date().valueOf() * Math.random())) + '';
},

/**
* Encrypt password
Expand All @@ -114,8 +104,10 @@ UserSchema.methods = {
*/
encryptPassword: function(password) {
if (!password) return '';
return crypto.createHmac('sha1', this.salt).update(password).digest('hex');
var maxtime = 0.1;
return scrypt.passwordHashSync(password, maxtime);
//return crypto.createHmac('sha1', this.salt).update(password).digest('hex');
}
};

mongoose.model('User', UserSchema);
mongoose.model('User', UserSchema);
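Review bot: `authenticate` now passes `this.hashed_password` straight to `scrypt.verifyHashSync`, but nothing in this change handles records that hold no scrypt hash: `encryptPassword` still returns `''` for an empty password, and accounts created before this commit store an HMAC-SHA1 hex digest whose `salt` field is no longer in the schema. Whether the scrypt binding returns false or throws on such input is not visible here, so a guard such as `if (!plainText || !this.hashed_password) return false;` ahead of the verify call, together with a forced-reset or rehash-on-login path for legacy hashes, would make the failure mode explicit. Both scrypt calls are synchronous, so each login or password change performs the key derivation on the event loop; the module's callback-based variants would keep login traffic from stalling other requests, if the callers can be made asynchronous. The commented-out HMAC line left in `encryptPassword` can be dropped, and note that the `UserSchema.methods` object begins outside the visible hunks, so other users of `salt` or `makeSalt` may exist that this page does not show.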
5 changes: 3 additions & 2 deletions package.json
Expand Up @@ -36,7 +36,8 @@
"forever": "latest",
"grunt": "latest",
"grunt-cli": "latest",
"grunt-bower-task": "latest"
"grunt-bower-task": "latest",
"scrypt": "latest"
},
"devDependencies": {
"supertest": "latest",
Expand All @@ -47,4 +48,4 @@
"grunt-concurrent": "latest",
"grunt-mocha-test": "latest"
}
}
}
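Review bot: `"scrypt": "latest"` leaves the password-hashing dependency unpinned, so a fresh install can pull a different major version of a native module whose API and stored-hash format the new `authenticate` and `encryptPassword` code depends on. The rest of this file uses `latest` as well, but for the module that verifies stored credentials a fixed range is worth the exception, for example `"scrypt": "<tested-version>"` filled in with the release actually tested against. Pinning also avoids a broken or tampered future release being installed automatically at deploy time.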
