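/**
 * Check a plain-text password against a stored, encoded password string.
 *
 * The offsets used here match the layout built by encodePassword:
 * a 3-character prefix, an 8-character salt at offset 3, one separator
 * character, then the hex digest from offset 12 to the end.
 *
 * NOTE(review): the digest is a single round of salted SHA-256, which is
 * cheap to brute-force if the stored value leaks. Moving to a slow,
 * purpose-built password hash would need a migration of stored values and
 * is out of scope for this function.
 *
 * @param {string} plain - candidate password supplied by the caller
 * @param {string} encoded - stored value to verify against
 * @returns {boolean} true when the recomputed digest equals the stored one
 */
checkPassword = function (plain, encoded) {
  'use strict';

  var salt = encoded.substr(3, 8);
  var expected = encoded.substr(12);
  var actual = crypto.sha256(salt + plain);
  var diff;
  var i;

  // A non-string digest can never equal the stored string; the original
  // strict comparison returned false in that case too.
  if (typeof actual !== 'string') {
    return false;
  }

  // Compare every character instead of stopping at the first mismatch, so
  // the time taken does not depend on how much of the digest matched.
  diff = expected.length ^ actual.length;
  for (i = 0; i < expected.length; i++) {
    // charCodeAt past the end yields NaN, which the bitwise ops treat as 0;
    // the length term above already marks such inputs as different.
    diff |= expected.charCodeAt(i) ^ actual.charCodeAt(i);
  }

  return diff === 0;
};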
/**
 * Build a password record holding a fresh salt and the salted digest.
 *
 * The salt is 16 characters from internal.genRandomAlphaNumbers and is
 * prepended to the password before hashing.
 *
 * NOTE(review): one round of SHA-256 is a fast hash; confirm whether the
 * consumers of this record can accept a slower password-hashing scheme.
 * NOTE(review): presumably genRandomAlphaNumbers draws from a suitable
 * random source; verify against its implementation.
 *
 * @param {string} password - plain-text password to hash
 * @returns {{hash: string, salt: string, method: string}} record to store
 */
var hashPassword = function (password) {
  var freshSalt = internal.genRandomAlphaNumbers(16);
  var digest = crypto.sha256(freshSalt + password);

  return {
    hash: digest,
    salt: freshSalt,
    method: "sha256"
  };
};
/**
 * Encode a password as "$1$" + salt + "$" + sha256(salt + password).
 *
 * The salt is the first 8 characters of the SHA-256 of a seed string. The
 * seed comes from crypto.rand(); when that call returns undefined, the
 * current value of internal.time() is used instead.
 *
 * NOTE(review): the time-based fallback produces a guessable salt, and an
 * 8-character salt taken from a hex digest is short. Salts are not secret,
 * but confirm that the fallback path cannot be reached in production.
 * NOTE(review): the digest is a single round of SHA-256, a fast hash.
 *
 * @param {string} password - plain-text password to encode
 * @returns {string} encoded password string
 */
var encodePassword = function (password) {
  var entropy = crypto.rand();
  var seed;

  if (entropy !== undefined) {
    seed = "random:" + entropy;
  } else {
    seed = "time:" + internal.time();
  }

  var salt = crypto.sha256(seed).substr(0, 8);

  return "$1$" + salt + "$" + crypto.sha256(salt + password);
};
exports.isValid = function (user, password) { var users = getStorage(); var previous = users.firstExample({ user: user }); if (previous === null || ! previous.active) { return false; } var salted = previous.password.substr(3, 8) + password; var hex = crypto.sha256(salted); // penalize the call internal.sleep(Math.random()); return (previous.password.substr(12) === hex); };