hash password with pbkdf2

meanjs · Dec 4, 2013 · ebddcd3 · ebddcd3
1 parent dbe7213
commit ebddcd3
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/app/models/user.js b/app/models/user.js
@@ -105,7 +105,7 @@ UserSchema.methods = {
      * @api public
      */
     makeSalt: function() {
-        return Math.round((new Date().valueOf() * Math.random())) + '';
+       return crypto.randomBytes(16).toString('base64'); 
     },
 
     /**
@@ -117,8 +117,9 @@ UserSchema.methods = {
      */
     encryptPassword: function(password) {
         if (!password) return '';
-        return crypto.createHmac('sha1', this.salt).update(password).digest('hex');
+        salt = new Buffer(this.salt, 'base64');
+        return crypto.pbkdf2Sync(password, salt, 10000, 64).toString('base64');
     }
 };
 
-mongoose.model('User', UserSchema);
+mongoose.model('User', UserSchema);