Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Practice Hashing Passwords in JavaScript

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

One Solution

2:16 with Alena Holligan

This video covers one solution to the practice session.

Courses

Introduction to Application Security

User Authentication with Express and Mongo - Hashing and Salting

Resources

NPM Bcrypt Package — Try using hashSync(data, salt) and compareSync(data, encrypted)

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    How did it go? 0:00
    I hope you were able to work through the challenge yourself. 0:01
    But if not, don't worry, I'll walk you step by step through my solution now. 0:04
    For Step 1, because I've included a package.json file, 0:10
    you can use the command npm installed by itself, or npm install bcrypt. 0:15
    Now for Step 2, 0:24
    I can use the bcrypt.hashSync with the string password in the saltRounds. 0:25
    I use console.log to display the hash to the screen. 0:31
    Step 3 is the same as Step 2 with a different string. 0:36
    In Step 4, I use Bcrypt Compare sync 0:42
    to compare the string password with the variable, originalHash. 0:47
    Once again, Step 5 is the same as Step 4 with a different string. 0:52
    Now we're ready to see these results in the console. 0:58
    View, Show Console, here we type node bcrypt.js. 1:01
    You can see that we have separate hashes for Step 1 and Step 2. 1:11
    In the string password, matches are Original Hash, 1:16
    while bad-password does not. 1:19
    Notice if I run node bcrypt.js again, I see the hashes from Step 1 and 1:23
    Step 2 are different, even though we're hashing the same strings. 1:29
    This helps to secure your hash. 1:35
    This also means that we cannot directly compare the stored hash 1:37
    with a new hash we create. 1:41
    This is why we need to use the Compare function from the Bcrypt package instead. 1:43
    I want to reiterate, always store the hash password in the database. 1:49
    Never store a plain text password. 1:54
    If your solution was different than mine, that's great. 1:57
    Seldom is there only one solution. 2:01
    If you see something interesting in my code, 2:04
    you should try implementing it in your own program. 2:06
    Keep practicing so you can master these new skills. 2:09
    Until next time, happy coding. 2:13

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up