Modular Crypt Format

This modules reads (deserialize) and writes (serialize) password fields in databases following the Modular Crypt Format (MCF).

The modular crypt format (MCF) is a standard for encoding password hash strings in order to defend a database against attacks (dictionary attacks, pre-computed rainbow table attacks, etc.).

The Modular Crypt Format is described in detail in https://passlib.readthedocs.io/en/stable/modular_crypt_format.html

Format

A password field in the Modular Crypt Format is of the following form:

$identifier$cost$salt$derived_key

Install

npm install mcf

API

deserialize(mcf_field)

serialize(identifier, cost, salt, derived_key)

Usage

Reading the format from the database:

const mcf = require('mcf')

let mcf_field = user.get('password')
try {
    let obj = mcf.deserialize(mcf_field)
    let identifier = obj.identifier
    let cost = obj.cost
    let salt = obj.salt
    let derived_key = obj.derived_key
} catch(err) {
    if (err instanceof mcf.McfError) {
        console.log("Format error in the database", err)
    } else {
        console.log("Unexpected fail")
    }
}

Creating the format to write in the database:

const mcf = require('mcf')

let mcf_field = mcf.serialize('pbkdf2', cost, salt, derived_key)

Development

To run the tests:

npm test

To compute test coverage:

npm run test:coverage

Contributions

Pull Requests and contributions in general are welcome as long as they follow the Node aesthetic.