
將bcrypt改成pbkdf2,去除對native module的相依性

1 parent 4a0f688 commit 889702d18983ca20e334287348910efcf4ee57ab @pH200 committed Jan 18, 2013
Showing with 57 additions and 12 deletions.
  1. +9 −7 controllers/sign.js
  2. +5 −4 controllers/user.js
  3. +42 −0 libs/pbkdf2.js
  4. +1 −0 models/user.js
  5. +0 −1 package.json
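--- a/controllers/sign.js
+++ b/controllers/sign.js
@@ -10,7 +10,7 @@ var crypto = require('crypto');
 var config = require('../config').config;
 var message_ctrl = require('./message');
 var mail_ctrl = require('./mail');
-var bcrypt = require('bcrypt');
+var pbkdf2 = require('../libs/pbkdf2');
 // private
@@ -116,12 +116,12 @@ exports.signup = function (req, res, next) {
 return;
 }
- // bcrypt the pass
- bcrypt.genSalt(config.genSalt, function (err, salt) {
+ // PBKDF2 encryption
+ pbkdf2.genSalt(config.genSalt, function (err, salt) {
 if (err) {
 return next(err);
 }
- bcrypt.hash(pass, salt, function (err, hash) {
+ pbkdf2.hash(pass, salt, function (err, hash) {
 if (err) {
 return next(err);
 }
@@ -132,6 +132,7 @@ exports.signup = function (req, res, next) {
 user.name = name;
 user.loginname = loginname;
 user.pass = hash;
+ user.salt = salt;
 user.email = email;
 user.avatar = avatar_url;
 user.active = false;
@@ -195,7 +196,7 @@ exports.login = function (req, res, next) {
 if (!user || user.pass === undefined) {
 return res.render('sign/signin', { error: '這個用戶不存在。' });
 }
- bcrypt.compare(pass, user.pass, function (err, equal) {
+ pbkdf2.compare(pass, user.pass, user.salt, function (err, equal) {
 if (err) {
 return next(err);
 }
@@ -339,16 +340,17 @@ exports.reset_pass = function (req, res, next) {
 return res.render('notify/notify', {error : '錯誤的激活鏈接'});
 }
- bcrypt.genSalt(config.genSalt, function (err, salt) {
+ pbkdf2.genSalt(config.genSalt, function (err, salt) {
 if (err) {
 return next(err);
 }
- bcrypt.hash(psw, salt, function (err, hash) {
+ pbkdf2.hash(psw, salt, function (err, hash) {
 if (err) {
 return next(err);
 }
 user.pass = hash;
+ user.salt = salt;
 user.retrieve_key = null;
 user.retrieve_time = null;
 user.active = true; // 用戶激活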
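Review bot: In the login hunk, `pbkdf2.compare(pass, user.pass, user.salt, ...)` passes `user.salt`, but accounts created before this commit hold a bcrypt hash in `pass` and no `salt` (the field is only added to models/user.js here), so the guard on the line above still lets them through and those users can no longer log in; with an undefined salt `crypto.pbkdf2` presumably errors out rather than yielding `equal === false`, which would surface as a 500 instead of a failed login. Either widen the guard to `if (!user || user.pass === undefined || user.salt === undefined) {` and force a password reset for legacy accounts, or keep bcrypt as a verification fallback until every stored hash has been rehashed. Separately, `config.genSalt` was bcrypt's cost factor, and in the signup and reset_pass hunks it is now the byte count handed to `crypto.randomBytes`; confirm the configured value is at least 16, since a cost factor such as 10 would yield only a 10-byte salt. The signup, login and reset_pass bodies all continue outside their hunks.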
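--- a/controllers/user.js
+++ b/controllers/user.js
@@ -18,7 +18,7 @@ var EventProxy = require('eventproxy').EventProxy;
 var check = require('validator').check;
 var sanitize = require('validator').sanitize;
 var crypto = require('crypto');
-var bcrypt = require('bcrypt');
+var pbkdf2 = require('../libs/pbkdf2');
 function get_user_by_id(id, cb) {
 User.findOne({_id: id}, cb);
@@ -259,7 +259,7 @@ exports.setting = function (req, res, next) {
 return next(err);
 }
- bcrypt.compare(old_pass, user.pass, function (err, equal) {
+ pbkdf2.compare(old_pass, user.pass, user.salt, function (err, equal) {
 if (err) {
 return next(err);
 }
@@ -280,12 +280,13 @@ exports.setting = function (req, res, next) {
 return;
 }
- bcrypt.genSalt(config.genSalt, function (err, salt) {
+ pbkdf2.genSalt(config.genSalt, function (err, salt) {
 if (err) {
 return next(err);
 }
- bcrypt.hash(new_pass, salt, function (err, hash) {
+ pbkdf2.hash(new_pass, salt, function (err, hash) {
 user.pass = hash;
+ user.salt = salt;
 user.save(function (err) {
 if (err) {
 return next(err);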
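Review bot: In the setting hunk, the new `pbkdf2.hash(new_pass, salt, function (err, hash) {` callback ignores `err` and goes straight to `user.pass = hash;`, so on a KDF failure `hash` is undefined and the `user.save` that follows would persist an account with no password. The bcrypt line it replaces had the same gap, but since the line is being rewritten this is the place to close it: make `if (err) { return next(err); }` the first statement of the callback, matching the `genSalt` callback just above. Note also that `pbkdf2.compare(old_pass, user.pass, user.salt, ...)` in the earlier hunk passes `user.salt`, which accounts hashed under bcrypt do not have, so a legacy user changing their password will hit the error path rather than a clean mismatch. The setting function's body extends beyond both hunks.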
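--- a/libs/pbkdf2.js
+++ b/libs/pbkdf2.js
@@ -0,0 +1,42 @@
+/*jslint node: true, regexp: true, nomen: true, indent: 2, vars: true */
+
+'use strict';
+
+var crypto = require('crypto');
+// Bcrypt Adoptions:
+// bcrypt.genSalt(rounds, seed_length, callback(err, salt))
+// bcrypt.hash(data, salt, callback(err, encrypted))
+// bcrypt.compare(data, encrypted, function(err, same))
+
+module.exports = {
+ keylen: 256,
+ iterations: 4096,
+ genSalt: function (size, callback) {
+ crypto.randomBytes(size, function (err, buf) {
+ if (err) {
+ return callback(err);
+ }
+ return callback(null, buf.toString('base64'));
+ });
+ },
+ hash: function (data, salt, callback) {
+ // For iteration count settings, see:
+ // http://security.stackexchange.com/questions/3959/recommended-of-iterations-when-using-pkbdf2-sha256
+ crypto.pbkdf2(data, salt, this.iterations, this.keylen, function (err, derivedKey) {
+ if (err) {
+ return callback(err);
+ }
+ // derivedKey is string, but stores binary data
+ var buffer = new Buffer(derivedKey);
+ return callback(null, buffer.toString('hex'), salt);
+ });
+ },
+ compare: function (data, encrypted, salt, callback) {
+ this.hash(data, salt, function (err, hash) {
+ if (err) {
+ return callback(err);
+ }
+ return callback(null, (encrypted === hash));
+ });
+ }
+};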
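Review bot: `keylen: 256` asks PBKDF2 for 256 bytes, far more than the underlying digest produces (Node's default here is SHA-1, 20 bytes), so the derivation runs `iterations` rounds for each of 13 blocks while an attacker testing guesses only needs the first block to match the stored hex prefix — the defender pays roughly 13× what the attacker does; set `keylen` to the digest length (`keylen: 20`, or 32 if a SHA-256 digest argument is available on the target Node version) and spend the saved time on a higher iteration count. In `hash`, if `derivedKey` is a binary string as the comment says, `new Buffer(derivedKey)` decodes it as UTF-8 and corrupts every byte above 0x7f before the hex conversion; it should be `new Buffer(derivedKey, 'binary')` (the output is still deterministic, so logins keep working, but the stored value is not the real PBKDF2 output). `compare` checks `encrypted === hash`, which returns as soon as a character differs; a length-masked XOR loop over the full string (below), or `crypto.timingSafeEqual` where the runtime provides it, avoids leaking how much of the hash matched. Lastly, `genSalt` receives `config.genSalt`, which was bcrypt's cost factor, as the salt byte count — confirm it is 16 or more.
```javascript
// … unchanged: keylen/iterations, genSalt, hash …
  compare: function (data, encrypted, salt, callback) {
    this.hash(data, salt, function (err, hash) {
      if (err) {
        return callback(err);
      }
      // Constant-time comparison: always walk the whole string so a
      // mismatch does not reveal how long the matching prefix was.
      var diff = encrypted.length ^ hash.length;
      for (var i = 0; i < hash.length; i += 1) {
        diff |= (encrypted.charCodeAt(i) | 0) ^ hash.charCodeAt(i);
      }
      return callback(null, diff === 0);
    });
  }
```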
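--- a/models/user.js
+++ b/models/user.js
@@ -10,6 +10,7 @@ var UserSchema = new Schema({
 name: { type: String, index: true },
 loginname: { type: String, unique: true },
 pass: { type: String },
+ salt: { type: String },
 email: { type: String, unique: true },
 url: { type: String },
 profile_image_url: {type: String},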
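--- a/package.json
+++ b/package.json
@@ -14,7 +14,6 @@
 "nodemailer": "0.3.5",
 "data2xml": "0.4.0",
 "xss": ">=0.0.2",
- "bcrypt ": "*",
 "facebook-group-sync": "*"
 },
 "devDependencies": {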
