One Solution2:16 with Alena Holligan
This video covers one solution to the practice session.
NPM Bcrypt Package — Try using hashSync(data, salt) and compareSync(data, encrypted)
How did it go? 0:00 I hope you were able to work through the challenge yourself. 0:01 But if not, don't worry, I'll walk you step by step through my solution now. 0:04 For Step 1, because I've included a package.json file, 0:10 you can use the command npm installed by itself, or npm install bcrypt. 0:15 Now for Step 2, 0:24 I can use the bcrypt.hashSync with the string password in the saltRounds. 0:25 I use console.log to display the hash to the screen. 0:31 Step 3 is the same as Step 2 with a different string. 0:36 In Step 4, I use Bcrypt Compare sync 0:42 to compare the string password with the variable, originalHash. 0:47 Once again, Step 5 is the same as Step 4 with a different string. 0:52 Now we're ready to see these results in the console. 0:58 View, Show Console, here we type node bcrypt.js. 1:01 You can see that we have separate hashes for Step 1 and Step 2. 1:11 In the string password, matches are Original Hash, 1:16 while bad-password does not. 1:19 Notice if I run node bcrypt.js again, I see the hashes from Step 1 and 1:23 Step 2 are different, even though we're hashing the same strings. 1:29 This helps to secure your hash. 1:35 This also means that we cannot directly compare the stored hash 1:37 with a new hash we create. 1:41 This is why we need to use the Compare function from the Bcrypt package instead. 1:43 I want to reiterate, always store the hash password in the database. 1:49 Never store a plain text password. 1:54 If your solution was different than mine, that's great. 1:57 Seldom is there only one solution. 2:01 If you see something interesting in my code, 2:04 you should try implementing it in your own program. 2:06 Keep practicing so you can master these new skills. 2:09 Until next time, happy coding. 2:13
You need to sign up for Treehouse in order to download course files.Sign up