node.js bcrypt

encrypt/decrypt passwords with node.js


I am working with the bcrypt nodejs module.

I am satisfied with it to encrypt and compare passwords, but it seems impossible to decrypt it.

I am wondering:

  1. How do you encrypt/decrypt passwords with nodejs (which module or method are you using)?
  2. Is there a trick to decrypt the passwords encoded with the bcrypt module?

Thanks!


Solution

  • You don't decrypt passwords with bcrypt -- it's a one-way algorithm. What you do is store the hash of the original (salted) password. Then you hash the (salted) guess. If the hashes match, then the guess is correct.

    Fortunately, the node-bcrypt library does all of this for you, so you only need to provide the plaintext guess and the hash (from the database).

    For example, you might do this:

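    var bcrypt = require('bcrypt');
    // "password"; usually stored in the database in the user's row.
    var stored_hash = '$2a$10$vxliJ./aXotlnxS9HaJoXeeASt48.ddU7sHNOpXC/cLhgzJGdASCe';
    var guess = 'password'; // plaintext submitted by the user at login
    bcrypt.compare(guess, stored_hash, function(err, res) {
        if (err) throw err;
        // res is true if the guess matches stored_hash, false otherwise.
    });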
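
Why `compare` needs only the guess and the stored hash: a bcrypt string carries the algorithm version, the cost and the salt next to the digest, and none of those fields can be turned back into the password. The following is an added example, not part of the original answer or of the bcrypt module; it splits the hash quoted above into its fields using plain JavaScript, and `parseBcryptHash`, `needsRehash` and the minimum cost of 12 are hypothetical names and values chosen for illustration.

```javascript
'use strict';

// Layout of a bcrypt hash string: $<version>$<cost>$<22-char salt><31-char digest>
// Salt and digest use bcrypt's own base64 alphabet (./A-Za-z0-9).
const BCRYPT_RE = /^\$(2[abxy])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Returns the fields embedded in a stored bcrypt hash, or null if the
// string is not a well-formed bcrypt hash.
function parseBcryptHash(stored) {
  if (typeof stored !== 'string') return null;
  const m = BCRYPT_RE.exec(stored);
  if (m === null) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // valid bcrypt cost range
  return {
    version: m[1],          // algorithm variant, e.g. "2a"
    cost: cost,             // work factor (log2 of key-setup iterations)
    iterations: 2 ** cost,  // actual number of key-setup iterations
    salt: m[3],             // 128-bit salt, stored in the clear
    digest: m[4],           // 184-bit one-way output
  };
}

// Hypothetical policy helper: true when the stored value should be re-hashed
// after the next successful login (cost too low, or not a bcrypt hash at all).
function needsRehash(stored, minCost) {
  const parsed = parseBcryptHash(stored);
  return parsed === null || parsed.cost < minCost;
}

// Hash string quoted in the answer above.
const storedHash = '$2a$10$vxliJ./aXotlnxS9HaJoXeeASt48.ddU7sHNOpXC/cLhgzJGdASCe';

console.log(parseBcryptHash(storedHash));
console.log('needs rehash at min cost 12:', needsRehash(storedHash, 12));
```

Re-hashing can only happen at login, when the plaintext is available, because the stored digest cannot be converted to a higher cost on its own.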