Every application must store passwords using a cryptographic technique; plain-text or reversibly encrypted storage is never acceptable. FoalTS provides two functions to hash and verify passwords.
The hashPassword utility uses the PBKDF2 algorithm with a SHA256 hash. It takes as parameters the password in plain text and an optional
options object. It returns a promise whose value is the password hash.
The function generates a unique, cryptographically strong random salt for each password, so two users with the same password get different hashes. This salt is returned by the function alongside the password hash, so that verifyPassword can recompute the derivation later without a separate salt column.
verifyPassword takes three arguments:
- the password to check in plain text,
- and the password hash (usually fetched from the database).
To prevent users from using very weak passwords such as password, you can call the isCommon function. This utility checks whether the given password is part of the 10000 most common passwords listed here.
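The hash-and-verify flow described above, written as an added example with Node's built-in crypto module rather than FoalTS's own implementation; the iteration count, the salt-carrying hash string format and the tiny common-password set are assumptions chosen for illustration, not FoalTS defaults:

```typescript
import { pbkdf2Sync, randomBytes, timingSafeEqual } from 'crypto';

// Assumed parameters for this example (not FoalTS's own defaults).
const ITERATIONS = 150000;
const KEY_LENGTH = 32; // bytes of derived key
const DIGEST = 'sha256';

// Constructed stand-in for a common-password list; a real list is far larger.
const COMMON_PASSWORDS = new Set(['password', '123456', 'qwerty', 'letmein']);

function isCommon(password: string): boolean {
  return COMMON_PASSWORDS.has(password);
}

// Produce a self-describing string: algorithm, iterations, salt and derived key
// travel together, so verification needs nothing but this string and the input.
function hashPassword(plainTextPassword: string): string {
  const salt = randomBytes(16); // fresh random salt per password
  const derived = pbkdf2Sync(plainTextPassword, salt, ITERATIONS, KEY_LENGTH, DIGEST);
  return `pbkdf2_${DIGEST}$${ITERATIONS}$${salt.toString('base64')}$${derived.toString('base64')}`;
}

function verifyPassword(plainTextPassword: string, passwordHash: string): boolean {
  const parts = passwordHash.split('$');
  if (parts.length !== 4) {
    return false; // malformed or foreign hash format: reject rather than throw
  }
  const [algorithm, iterationsText, saltB64, expectedB64] = parts;
  if (algorithm !== `pbkdf2_${DIGEST}`) {
    return false;
  }
  const iterations = Number(iterationsText);
  if (!Number.isInteger(iterations) || iterations <= 0) {
    return false;
  }
  const expected = Buffer.from(expectedB64, 'base64');
  const actual = pbkdf2Sync(plainTextPassword, Buffer.from(saltB64, 'base64'), iterations, expected.length, DIGEST);
  // Constant-time comparison so a mismatch is not distinguishable by timing.
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}
```

Reject common passwords with isCommon before calling hashPassword; once stored, the hash string alone is enough to verify a later login attempt.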