Session and Security

Password Hashing

Designing a secure authentication system

Get the assignment repo, npm install to install the dependencies we've already been using, and start hashing.js with node. Follow the video below to complete the password hashing example.

Repo invite: https://classroom.github.com/a/vCP6tZB4

prompt> git clone <repo URL>
prompt> cd <repo name>
prompt> git config commit.template .gitmessage

Password Hashing with bcrypt (14:48)

Video from a prior semester. Errors and updates:

Changed template engines from handlebars to EJS. In these examples, just swapping from {{ }} to <%= %>.
In my templates I prefix several variables with locals. (e.g. locals.hash instead of just hash). This prevents it from erroring before I create that variable in the example, and doesn't change anything else.
The webpage showing at the beginning of the video is from a different (out-of-order) example. Just ignore.

Additional resources:

bcryptjs module
About salting passwords
About the bcrypt algorithm (wikipedia)

Assignment Checklist

install the bcryptjs module with npm

Hash the password and display the result

Verify the password with the hash (compare) and display the result