The binary encoding is probably not ever going away.  It may be
deprecated, but people use it, and meh.  It's not hurting anybody.

The crypto API will return a buffer by default in 0.10.  If you would
like to get a binary encoded string, you can add this to your code now
to future-proof it:

crypto.pbkdf2(..., function(er, derivedKey) {
  // Before 0.10 this is a binary-encoded string; from 0.10 on it is a Buffer.
  if (typeof derivedKey === 'string') {
    derivedKey = new Buffer(derivedKey, 'binary');
  }
  saveToDatabaseOrWhatever(derivedKey.toString('base64'), cb);
});

Because pbkdf2 doesn't take an encoding argument, there's no other way
to make this work, unfortunately.

See:
http://nodejs.org/docs/latest/api/crypto.html#crypto_proposed_api_changes_in_future_versions_of_node
and
http://nodejs.org/docs/v0.9.8/api/crypto.html#crypto_recent_api_changes



On Thu, Jan 31, 2013 at 3:14 PM, Daniel Rinehart <dani...@neophi.com> wrote:
> Slightly OT. Besides future-proofing due to upcoming crypto changes, you
> might want to look into a module like bcrypt to help protect against
> improvements in password cracking software: https://npmjs.org/package/bcrypt
>
> -- Daniel R. <dani...@neophi.com> [http://danielr.neophi.com/]
>
>
> On Thu, Jan 31, 2013 at 5:41 PM, Harald Hanche-Olsen <han...@math.ntnu.no>
> wrote:
>>
>> I'd like to store user password hashes in a database.
>>
>> When a new password is created, I get some bytes from
>> crypto.randomBytes to use as salt, then feed the salt and password to
>> crypto.pbkdf2 (along with an iteration count and size).
>>
>> I convert the salt with salt.toString('base64') in order to save it in
>> the password database.
>>
>> I have noticed that the resulting key from pbkdf2 is essentially a
>> binary coded string; so I convert it using
>> new Buffer(derivedKey,'binary').toString('base64')
>> before saving it to the database.
>>
>> However, I see that the crypto API is going to change to using buffers
>> rather than binary encoded strings. Also, the 'binary' encoding is
>> going away.
>>
>> That is fine and well, but what do I need to do to ensure that the
>> password hashes will be the same after the crypto API changes?
>>
>> I understand I will have to rewrite the code, of course, but I want to
>> be able to use the same old hashes so that the password database can
>> still be used.
>>
>> Can I expect the future crypto.pbkdf2 to produce a buffer identical to
>> today's new Buffer(derivedKey,'binary')?
>>
>> Also, what is most future proof – to feed the binary salt as a buffer
>> to pbkdf2, or the stringified version thereof?
>>
>> - Harald
>>
>> --
>> --
>> Job Board: http://jobs.nodejs.org/
>> Posting guidelines:
>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>> You received this message because you are subscribed to the Google
>> Groups "nodejs" group.
>> To post to this group, send email to nodejs@googlegroups.com
>> To unsubscribe from this group, send email to
>> nodejs+unsubscr...@googlegroups.com
>> For more options, visit this group at
>> http://groups.google.com/group/nodejs?hl=en?hl=en
>>
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "nodejs" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to nodejs+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/groups/opt_out.
>>
>>
>



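An added example, not part of the thread: it checks that a hash stored through the old binary-string path is byte-identical to one produced from a Buffer, and that the form of the salt passed to pbkdf2 changes the result. It uses current Node calls (Buffer.from, crypto.pbkdf2Sync, crypto.timingSafeEqual); the function names, iteration count, key length and the 'sha1' digest are assumptions, not values from the thread.

```javascript
const crypto = require('crypto');

// Constructed parameters (assumptions; the thread does not give them).
const ITERATIONS = 10000;
const KEYLEN = 32;
const DIGEST = 'sha1'; // assumption: digest used for the already-stored hashes

// Accept either shape pbkdf2 has returned over time: a binary-encoded
// string (old API) or a Buffer (0.10 and later). Always return a Buffer.
function toKeyBuffer(derivedKey) {
  return typeof derivedKey === 'string'
    ? Buffer.from(derivedKey, 'binary')
    : derivedKey;
}

// Current path: pbkdf2 hands back a Buffer. `salt` may be a Buffer or string.
function hashPassword(password, salt) {
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
  return {
    salt: salt.toString('base64'),
    hash: toKeyBuffer(key).toString('base64'),
  };
}

// Simulated old path: the same bytes delivered as a binary-encoded string,
// then converted the way the original poster describes.
function legacyHashPassword(password, salt) {
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
  const binaryString = key.toString('binary');
  return {
    salt: salt.toString('base64'),
    hash: toKeyBuffer(binaryString).toString('base64'),
  };
}

// Verify against a stored record. The salt is decoded back to raw bytes,
// so this only matches records whose salt was fed to pbkdf2 as a Buffer.
function verifyPassword(password, record) {
  const salt = Buffer.from(record.salt, 'base64');
  const expected = Buffer.from(record.hash, 'base64');
  const actual = toKeyBuffer(
    crypto.pbkdf2Sync(password, salt, ITERATIONS, expected.length, DIGEST)
  );
  // Constant-time comparison; lengths must match before calling it.
  return actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);
}
```

If the salt was originally passed to pbkdf2 as its base64 string rather than as raw bytes, verification has to pass that same string, because the derived key depends on the exact salt bytes.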