mcf

Modular Crypt Format ====================

Usage no npm install needed!

<script type="module">
  import mcf from 'https://cdn.skypack.dev/mcf';
</script>

README

Modular Crypt Format

NPM version Dependency Status devDependency Status Build Status Coverage Status

This modules reads (deserialize) and writes (serialize) password fields in databases following the Modular Crypt Format (MCF).

The modular crypt format (MCF) is a standard for encoding password hash strings in order to defend a database against attacks (dictionary attacks, pre-computed rainbow table attacks, etc.).

The Modular Crypt Format is described in detail in http://pythonhosted.org/passlib/modular_crypt_format.html

Format

A password field in the Modular Crypt Format is of the following form:

$identifier$cost$salt$derived_key

Install

npm install mcf

API

deserialize(mcf_field)

serialize(identifier, cost, salt, derived_key)

Usage

Reading the format from the database:

const mcf = require('mcf')

let mcf_field = user.get('password')
try {
    let obj = mcf.deserialize(mcf_field)
    let identifier = obj.identifier
    let cost = obj.cost
    let salt = obj.salt
    let derived_key = obj.derived_key
} catch(err) {
    if (err instanceof mcf.McfError) {
        console.log("Format error in the database", err)
    } else {
        console.log("Unexpected fail")
    }
}

Creating the format to write in the database:

const mcf = require('mcf')

let mcf_field = mcf.serialize('pbkdf2', cost, salt, derived_key)

Development

To run the tests:

npm test

To compute test coverage:

npm run test:coverage

Contributions

Pull Requests and contributions in general are welcome as long as they follow the Node aesthetic.