From e764b716d02d3751a44aac2c7756e2c654396507 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Luis=20Di=20Biase?=
Date: Thu, 22 Jun 2017 10:51:22 -0300
Subject: [PATCH] Add explicit SHA1 digest in crypto.pbkdf2 call
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: José Luis Di Biase
---
 app/models/user.server.model.js | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/app/models/user.server.model.js b/app/models/user.server.model.js
index f472238e..17cac977 100755
--- a/app/models/user.server.model.js
+++ b/app/models/user.server.model.js
@@ -156,13 +156,19 @@ UserSchema.virtual('password').get(function () {
 * Create instance method for hashing a password
 */
 UserSchema.methods.hashPassword = function(password) {
+ var encoding = 'base64';
+ var iterations = 10000;
+ var keylen = 128;
+ var size = 64;
+ var digest = 'SHA1';
+ //Generate salt if it doesn't exist yet
 if(!this.salt){
- this.salt = crypto.randomBytes(64).toString('base64');
+ this.salt = crypto.randomBytes(size).toString(encoding);
 }
 if (password) {
- return crypto.pbkdf2Sync(password, new Buffer(this.salt, 'base64'), 10000, 128).toString('base64');
+ return crypto.pbkdf2Sync(password, new Buffer(this.salt, encoding), iterations, keylen, digest).toString(encoding);
 } else {
 return password;
 }
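Review bot: `keylen = 128` together with `digest = 'SHA1'` asks PBKDF2 for more output than one SHA-1 block (20 bytes), so every hash costs the server seven full 10000-iteration passes, while checking a candidate password against a leaked hash only needs the first block. Naming the digest keeps the previous default and so keeps stored hashes verifiable, but the parameters are now fixed locals with nothing recorded per user, so they cannot be raised later without a way to tell old hashes from new. I would record the parameter set next to the salt (for example a version field on the user document, which this hunk does not show) and add a comment above the declarations such as `// Legacy PBKDF2 parameters: must match hashes already stored; changing any of them needs a rehash-on-login migration`. On the return line, `new Buffer(this.salt, encoding)` is the deprecated constructor; `Buffer.from(this.salt, encoding)` is the replacement where the supported Node version provides it. The end of `hashPassword` falls outside the hunk.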