This repo is an example of how to use tokenized authentication with NodeJS (Express) and MongoDB. Passwords are protected with bcrypt.
cd frontend, npm install (just for express and morgan), bower install
cd backend, npm install
The version of ngStorage used is a forked copy not in Bower. It is useful because the author has included a very awesome $localStorage.$save() method. For now the repo has been cloned into frontend\app\lib.
$ node frontend/client.js
$ node backend/server.js
Visit localhost:3000
What we will NOT be using: crypto.pbkdf2(...)
What we WILL be using: node.bcrypt.js
With regards to choosing bcrypt over pbkdf2, see these links:
This comment:
TL;DR: bcrypt is better than PBKDF2 because PBKDF2 can be better accelerated
with GPUs. As such, PBKDF2 is easier to brute force offline with consumer
hardware
This comment:
So, my recommendation of bcrypt stems from the assumptions 1) that a Blowfish
has had a similar level of scrutiny as the SHA-2 family of hash functions, and
2) that cryptanalytic methods for ciphers are better developed than those for
hash functions.
Some other stackoverflow questions:
- Storing passwords with nodejs and mongodb
- nodejs password hashing bcrypt alternative using crypto
- Password Encryption: PBKDF2 (using sha512 x 1000) vs Bcrypt
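
bcrypt's resistance to offline brute force depends on the cost factor, which is stored inside every hash string. The following is an added example, not code from this repo: a dependency-free check that a stored password field is a well-formed bcrypt hash and that its cost meets a minimum. The names `parseBcryptHash`, `auditStoredHash` and the `MIN_COST` value are assumptions made for the example.

```javascript
// Added example, not part of this repo. Checks a stored bcrypt hash string:
//   $<version>$<2-digit cost>$<22-char salt><31-char digest>   (60 chars total)
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Assumption: policy floor chosen for this example; tune it to your hardware.
const MIN_COST = 12;

// Returns the hash's components, or null if the string is not a bcrypt hash.
function parseBcryptHash(stored) {
  if (typeof stored !== 'string') return null;
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return { version: m[1], cost, salt: m[3], digest: m[4] };
}

// Decide what to do with a user record's password field.
function auditStoredHash(stored, minCost = MIN_COST) {
  const parsed = parseBcryptHash(stored);
  if (!parsed) return 'reject'; // plaintext, truncated or foreign format
  // Valid but too cheap: re-hash with a higher cost after the next
  // successful login, since the plaintext is only available then.
  if (parsed.cost < minCost) return 'rehash';
  return 'ok';
}

// Constructed sample values (not real password hashes).
const samples = {
  weak: '$2b$08$' + 'A'.repeat(22) + 'B'.repeat(31),
  strong: '$2b$12$' + 'A'.repeat(22) + 'B'.repeat(31),
  truncated: '$2b$12$' + 'A'.repeat(22),
  plaintext: 'hunter2',
};

for (const [name, value] of Object.entries(samples)) {
  console.log(name.padEnd(10), auditStoredHash(value));
}
```

Run against the users collection, a check like this flags records that were never hashed or were hashed with a cost below the current floor.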