Bindings for the crypto_pwhash API. See the libsodium crypto_pwhash docs for more information.

Constants

Buffer lengths (integer)

crypto_pwhash_BYTES_MIN
crypto_pwhash_BYTES_MAX
crypto_pwhash_SALTBYTES
crypto_pwhash_STRBYTES
crypto_pwhash_OPSLIMIT_MIN
crypto_pwhash_OPSLIMIT_MAX
crypto_pwhash_MEMLIMIT_MIN
crypto_pwhash_MEMLIMIT_MAX
crypto_pwhash_STRPREFIX

String constants (string)

crypto_pwhash_PRIMITIVE

`crypto_pwhash`

sodium.crypto_pwhash(out, passwd, salt, opslimit, memlimit, alg)

Creates a password hash.

out should be a buffer of length within crypto_pwhash_BYTES_MIN - crypto_pwhash_BYTES_MAX
passwd should be a buffer of any size
salt should be a buffer of length crypto_pwhash_SALTBYTES
opslimit should be a number containing your ops limit setting in the range crypto_pwhash_OPSLIMIT_MIN - crypto_pwhash_OPSLIMIT_MAX
memlimit should be a number containing your mem limit setting in the range crypto_pwhash_MEMLIMIT_MIN - crypto_pwhash_OPSLIMIT_MAX
alg should be a number specifying the algorithm you want to use

Available default opslimit's and memlimit's are

crypto_pwhash_OPSLIMIT_INTERACTIVE
crypto_pwhash_OPSLIMIT_MODERATE
crypto_pwhash_OPSLIMIT_SENSITIVE
crypto_pwhash_MEMLIMIT_INTERACTIVE
crypto_pwhash_MEMLIMIT_MODERATE
crypto_pwhash_MEMLIMIT_SENSITIVE

The available algorithm's are

crypto_pwhash_ALG_DEFAULT
crypto_pwhash_ALG_ARGON2ID13
crypto_pwhash_ALG_ARGON2I13

The generated hash will be stored in out and the entire out buffer will be used.

`crypto_pwhash_str`

sodium.crypto_pwhash_str(out, passwd, opslimit, memlimit)

Creates a password hash with a random salt.

out should be a buffer of length crypto_pwhash_STRBYTES
passwd should be a buffer of any size
opslimit should be a number containing your ops limit setting in the range crypto_pwhash_OPSLIMIT_MIN - crypto_pwhash_OPSLIMIT_MAX
memlimit should be a number containing your mem limit setting in the range crypto_pwhash_MEMLIMIT_MIN - crypto_pwhash_OPSLIMIT_MAX

The generated hash, settings, salt, version and algorithm will be stored in out and the entire out buffer will be used.

`crypto_pwhash_str_verify`

var bool = sodium.crypto_pwhash_str_verify(str, passwd)

Verifies a password hash generated with the above method.

str should be a buffer of length crypto_pwhash_STRBYTES
passwd should be a buffer of any size

Returns true if the hash could be verified with the settings contained in str. Otherwise false.

`crypto_pwhash_str_needs_rehash`

var bool = sodium.crypto_pwhash_str_needs_rehash(hash, opslimit, memlimit)

Checks if a password hash needs rehash, either because the default algorithm changed, opslimit or memlimit increased, or because the hash is malformed.

hash should be a buffer of length crypto_pwhash_STRBYTES
opslimit should be a number containing your ops limit setting in the range crypto_pwhash_OPSLIMIT_MIN - crypto_pwhash_OPSLIMIT_MAX
memlimit should be a number containing your mem limit setting in the range crypto_pwhash_MEMLIMIT_MIN - crypto_pwhash_OPSLIMIT_MAX

Returns true if the hash should be rehashed the settings contained in str. Otherwise false if it is still good.

`crypto_pwhash_async`

sodium.crypto_pwhash_async(out, passwd, salt, opslimit, memlimit, alg, callback)

Just like crypto_pwhash, but this will run password hashing on a separate worker, so it will not block the event loop. callback(err) will receive any errors from the hashing but all argument errors will throw. The resulting hash is written to out. This function also supports async_hooks as the type sodium-native:crypto_pwhash_async.

`crypto_pwhash_str_async`

sodium.crypto_pwhash_str_async(out, passwd, opslimit, memlimit, callback)

Just like crypto_pwhash_str, but this will run password hashing on a separate worker, so it will not block the event loop. callback(err) will receive any errors from the hashing but all argument errors will throw. The resulting hash with parameters is written to out. This function also supports async_hooks as the type sodium-native:crypto_pwhash_str_async.

`crypto_pwhash_str_verify_async`

sodium.crypto_pwhash_str_verify_async(str, passwd, callback)

Just like crypto_pwhash_str_verify, but this will run password hashing on a separate worker, so it will not block the event loop. callback(err, bool) will receive any errors from the hashing but all argument errors will throw. If the verification succeeds bool is true, otherwise false. Due to an issue with libsodium err is currently never set. This function also supports async_hooks as the type sodium-native:crypto_pwhash_str_verify_async.

Password Hashing (Scrypt)

Bindings for the crypto_pwhash_scryptsalsa208sha256 API. See the libsodium crypto_pwhash_scryptsalsa208sha256 docs for more information.

Constants (Scrypt)

Buffer lengths (integer)

crypto_pwhash_scryptsalsa208sha256_BYTES_MIN
crypto_pwhash_scryptsalsa208sha256_BYTES_MAX
crypto_pwhash_scryptsalsa208sha256_SALTBYTES
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MAX
crypto_pwhash_scryptsalsa208sha256_STRBYTES

`crypto_pwhash_scryptsalsa208sha256`

sodium.crypto_pwhash_scryptsalsa208sha256(out, passwd, salt, opslimit, memlimit)

Creates a password hash.

out should be a buffer of length within crypto_pwhash_scryptsalsa208sha256_BYTES_MIN - crypto_pwhash_scryptsalsa208sha256_BYTES_MAX
passwd should be a buffer of any size
salt should be a buffer of length crypto_pwhash_scryptsalsa208sha256_SALTBYTES
opslimit should be a number containing your ops limit setting in the range crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN - crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX
memlimit should be a number containing your mem limit setting in the range crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN - crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX

Available default opslimit's and memlimit's are

crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE

The generated hash will be stored in out, and the entire out buffer will be used.

`crypto_pwhash_scryptsalsa208sha256_str`

sodium.crypto_pwhash_scryptsalsa208sha256_str(out, passwd, opslimit, memlimit)

Creates a password hash with a random salt.

out should be a buffer of length crypto_pwhash_scryptsalsa208sha256_STRBYTES
passwd should be a buffer of any size
opslimit should be a number containing your ops limit setting in the range crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN - crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX
memlimit should be a number containing your mem limit setting in the range crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN - crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX

The generated hash, settings, salt, version and algorithm will be stored in out, and the entire out buffer will be used.

`crypto_pwhash_scryptsalsa208sha256_str_verify`

var bool = sodium.crypto_pwhash_scryptsalsa208sha256_str_verify(str, passwd)

Verifies a password hash generated with the above method.

str should be a buffer of length crypto_pwhash_scryptsalsa208sha256_STRBYTES
passwd should be a buffer of any size

Returns true if the hash could be verified with the settings contained in str. Otherwise false.

`crypto_pwhash_scryptsalsa208sha256_str_needs_rehash`

var bool = sodium.crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(hash, opslimit, memlimit)

Checks if a password hash needs rehash, either because opslimit or memlimit increased, or because the hash is malformed.

hash should be a buffer of length crypto_pwhash_scryptsalsa208sha256_STRBYTES
opslimit should be a number containing your ops limit setting in the range crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN - crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX
memlimit should be a number containing your mem limit setting in the range crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN - crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MAX

Returns true if the hash should be rehashed the settings contained in str. Otherwise false, if it is still good.

`crypto_pwhash_scryptsalsa208sha256_async`

sodium.crypto_pwhash_scryptsalsa208sha256_async(out, passwd, salt, opslimit, memlimit, callback)

Just like crypto_pwhash_scryptsalsa208sha256, but this will run password hashing on a separate worker so it will not block the event loop. callback(err) will receive any errors from the hashing but all argument errors will throw. The resulting hash is written to out. This function also supports async_hooks as the type sodium-native:crypto_pwhash_scryptsalsa208sha256_async.

`crypto_pwhash_scryptsalsa208sha256_str_async`

sodium.crypto_pwhash_scryptsalsa208sha256_str_async(out, passwd, opslimit, memlimit, callback)

Just like crypto_pwhash_scryptsalsa208sha256_str, but this will run password hashing on a separate worker so it will not block the event loop. callback(err) will receive any errors from the hashing but all argument errors will throw. The resulting hash with parameters is written to out. This function also supports async_hooks as the type sodium-native:crypto_pwhash_scryptsalsa208sha256_str_async.

`crypto_pwhash_scryptsalsa208sha256_str_verify_async`

sodium.crypto_pwhash_scryptsalsa208sha256_str_verify_async(str, passwd, callback)

Just like crypto_pwhash_scryptsalsa208sha256_str_verify, but this will run password hashing on a separate worker so it will not block the event loop. callback(err, bool) will receive any errors from the hashing but all argument errors will throw. If the verification succeeds bool is true, otherwise false. Due to an issue with libsodium err is currently never set. This function also supports async_hooks as the type sodium-native:crypto_pwhash_scryptsalsa208sha256_str_verify_async.