Password Management
Every application must store passwords using a cryptographic technique. FoalTS provides two functions to hash and verify passwords.
Hash and Salt Passwords#
The hashPassword utility uses the PBKDF2 algorithm with a SHA256 hash. It takes as parameters the password in plain text and an optional options object. It returns a promise which value is a password hash.
The function generates a unique cryptographically-strong random salt for each password. This salt is returned by the function beside the password hash.
const passwordHash = await hashPassword(plainTextPassword);Verify Passwords#
The verifyPassword takes three arguments:
- the password to check in plain text,
- and the password hash (usually fetched from the database).
const isEqual = await verifyPassword(plainTextPassword, passwordHash);Forbid Overly Common Passwords#
npm install @foal/passwordTo prevent users from using very weak passwords such as 123456 or password, you can call the isCommon function. This utility checks if the given password is part of the 10000 most common passwords listed here.
const isPasswordTooCommon = await isCommon(password);