Password Encryption in Node.js using bcryptjs Module
When developing applications, one of the critical aspects of user authentication is ensuring that passwords are stored securely. Storing passwords in plain text is a significant security risk. Instead, passwords should be hashed with a strong password hashing algorithm. In Node.js, one of the popular modules for this purpose is bcryptjs.
What is bcryptjs?
bcryptjs is a JavaScript implementation of the bcrypt password hashing function. It is designed to be secure and efficient, making it a suitable choice for hashing passwords in Node.js applications.
Key Features
- Security: Uses a computationally intensive hashing algorithm to make brute-force attacks difficult.
- Salting: Adds a unique salt to each password to ensure that even if two users have the same password, their hashes will be different.
- Cross-Platform: Works across different operating systems and platforms.
Approach
To hash a password in a Node.js app using the bcryptjs module:
- The bcryptjs module is imported. A plain text password, password, is defined. A variable, hashedPassword, is declared to store the hashed password.
- bcrypt.genSalt(10, function (err, Salt) {...}) generates a salt with 10 rounds and executes a callback function with the generated salt.
- Inside the salt generation callback, bcrypt.hash(password, Salt, function (err, hash) {...}) hashes the password with the generated Salt.
- If an error occurs, an error message is logged. If successful, the hashed password is stored in hashedPassword and logged.
- bcrypt.compare(password, hashedPassword, async function (err, isMatch) {...}) compares the original password with the hashed password.
- If they match, the password and its hash are logged. If they don't match, an error message is logged.
Steps to Set Up Node Project and Implement bcrypt
Step 1: Install the bcryptjs module using the following command.
npm install bcryptjs
Step 2: After installing the bcryptjs module, you can check the installed version from the command prompt using the following command.
npm ls bcryptjs
Step 3: After that, create a folder and add a file, for example index.js. To run this file, use the following command.
node index.js
Example: Implementation to show encryption in Node.js using bcryptjs module
// Filename - index.js
// Requiring module
const bcrypt = require('bcryptjs');

const password = 'pass123';
// Declared with let because it is assigned inside the callback
let hashedPassword;

// Generate a salt with 10 rounds
bcrypt.genSalt(10, function (err, Salt) {
    if (err) {
        return console.log('Cannot generate salt');
    }
    // bcrypt hashes the password with the salt (one-way, not reversible)
    bcrypt.hash(password, Salt, function (err, hash) {
        if (err) {
            return console.log('Cannot encrypt');
        }
        hashedPassword = hash;
        console.log(hash);
        bcrypt.compare(password, hashedPassword,
            async function (err, isMatch) {
                if (err) {
                    return console.log('Cannot compare');
                }
                // Comparing the original password to
                // the hashed password
                if (isMatch) {
                    console.log('Plain text password is:', password);
                    console.log('Hashed password is:', hashedPassword);
                }
                if (!isMatch) {
                    // If the password doesn't match, the following
                    // message is logged
                    console.log(hashedPassword + ' is not a hash of '
                        + password);
                }
            });
    });
});
Step to run the application: Run the application using the following command:
node index.js
Output: We will see output like the following on the console screen. The hash value differs on every run because a new salt is generated each time.
$2a$10$4DRBPlbjKO7WuL2ndpbisOheLfgVwDlngY7t18/ZZBFNcW3HdWFGm
Plain text password is: pass123
Hashed password is: $2a$10$4DRBPlbjKO7WuL2ndpbisOheLfgVwDlngY7t18/ZZBFNcW3HdWFGm
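Added example (not part of the original article or of the bcryptjs project): the string returned by bcrypt.hash() carries the version, the cost and the salt alongside the digest, which is why bcrypt.compare() needs only the password and the stored hash. The parser below splits the hash from the output above into those fields; parseBcryptHash and needsRehash are hypothetical helper names, and the minimum cost passed to needsRehash is an assumed policy value.

```javascript
// Added example: split a bcrypt hash string into its fields.
// Layout: $<version>$<cost>$<22-char salt><31-char digest> (60 characters).
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Returns the parsed fields, or null when the value is not a well-formed
// bcrypt hash (plain text, another scheme, or a hash truncated by a short
// database column).
function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(String(stored));
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt defines costs 4..31 only
  return {
    version: m[1],
    cost,                    // the "rounds" argument given to genSalt()
    iterations: 2 ** cost,   // work grows exponentially with the cost
    salt: m[3],              // stored with the hash, so compare() can reuse it
    digest: m[4],
  };
}

// Hypothetical policy helper: true when a stored value is malformed or was
// hashed below minCost, so it should be flagged for re-hashing or reset.
// minCost is an assumed policy value, not a bcryptjs setting.
function needsRehash(stored, minCost) {
  const parsed = parseBcryptHash(stored);
  return parsed === null || parsed.cost < minCost;
}

// Sample input: the hash shown in this page's output.
const SAMPLE_HASH =
  '$2a$10$4DRBPlbjKO7WuL2ndpbisOheLfgVwDlngY7t18/ZZBFNcW3HdWFGm';

console.log(parseBcryptHash(SAMPLE_HASH));
console.log(needsRehash(SAMPLE_HASH, 12));              // cost 10 is below 12
console.log(needsRehash(SAMPLE_HASH.slice(0, 50), 10)); // truncated hash
```

A stored value that fails to parse usually points to a storage problem, such as a column shorter than 60 characters, rather than a wrong password.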