This video covers one solution to the practice session.
Introduction to Application Security
User Authentication with Express and Mongo - Hashing and Salting
Resources
NPM Bcrypt Package — Try using hashSync(data, salt) and compareSync(data, encrypted)
How did it go?
0:00
I hope you were able to work
through the challenge yourself.
0:01
But if not, don't worry, I'll walk you
step by step through my solution now.
0:04
For Step 1,
because I've included a package.json file,
0:10
you can use the command npm install
by itself, or npm install bcrypt.
0:15
Now for Step 2,
0:24
I can use bcrypt.hashSync with
the string password and the saltRounds.
0:25
I use console.log to display
the hash to the screen.
0:31
Step 3 is the same as Step
2 with a different string.
0:36
In Step 4, I use bcrypt.compareSync
0:42
to compare the string password
with the variable, originalHash.
0:47
Once again, Step 5 is the same as
Step 4 with a different string.
0:52
Now we're ready to see these
results in the console.
0:58
View, Show Console,
here we type node bcrypt.js.
1:01
You can see that we have separate
hashes for Step 1 and Step 2.
1:11
And the string password
matches our originalHash,
1:16
while bad-password does not.
1:19
Notice if I run node bcrypt.js again,
I see the hashes from Step 1 and
1:23
Step 2 are different, even though
we're hashing the same strings.
1:29
This helps to secure your hash.
1:35
This also means that we cannot
directly compare the stored hash
1:37
with a new hash we create.
1:41
This is why we need to use the Compare
function from the Bcrypt package instead.
1:43
I want to reiterate, always store
the hashed password in the database.
1:49
Never store a plain text password.
1:54
If your solution was different than mine,
that's great.
1:57
Seldom is there only one solution.
2:01
If you see something
interesting in my code,
2:04
you should try implementing
it in your own program.
2:06
Keep practicing so
you can master these new skills.
2:09
Until next time, happy coding.
2:13