This video covers one solution to the practice session.
Courses
Introduction to Application Security
User Authentication with Express and Mongo - Hashing and Salting
Resources
NPM Bcrypt Package — Try using hashSync(data, salt) and compareSync(data, encrypted)
-
0:00
How did it go?
-
0:01
I hope you were able to work through the challenge yourself.
-
0:04
But if not, don't worry, I'll walk you step by step through my solution now.
-
0:10
For Step 1, because I've included a package.json file,
-
0:15
you can use the command npm install by itself, or npm install bcrypt.
-
0:24
Now for Step 2,
-
0:25
I can use bcrypt.hashSync with the string password and the saltRounds.
-
0:31
I use console.log to display the hash to the screen.
-
0:36
Step 3 is the same as Step 2 with a different string.
-
0:42
In Step 4, I use bcrypt.compareSync
-
0:47
to compare the string password with the variable, originalHash.
-
0:52
Once again, Step 5 is the same as Step 4 with a different string.
-
0:58
Now we're ready to see these results in the console.
-
1:01
View, Show Console, here we type node bcrypt.js.
-
1:11
You can see that we have separate hashes for Step 1 and Step 2.
-
1:16
And the string password matches our originalHash,
-
1:19
while bad-password does not.
-
1:23
Notice if I run node bcrypt.js again, I see the hashes from Step 1 and
-
1:29
Step 2 are different, even though we're hashing the same strings.
-
1:35
This helps to secure your hash.
-
1:37
This also means that we cannot directly compare the stored hash
-
1:41
with a new hash we create.
-
1:43
This is why we need to use the Compare function from the Bcrypt package instead.
-
1:49
I want to reiterate, always store the hashed password in the database.
-
1:54
Never store a plain text password.
-
1:57
If your solution was different than mine, that's great.
-
2:01
Seldom is there only one solution.
-
2:04
If you see something interesting in my code,
-
2:06
you should try implementing it in your own program.
-
2:09
Keep practicing so you can master these new skills.
-
2:13
Until next time, happy coding.