Node.js hashing of passwords

Question

I am currently using the following for hashing passwords:

var pass_shasum = crypto.createHash(\'sha256\').update(req.body.password).digest(\'hex\');

Answer 1

Try using Bcrypt, it secures the password using hashing.

bcrypt.hash(req.body.password, salt, (err, encrypted) => {
    user.password = encrypted
    next()
})

Where salt is the cost value which specifies the strength of hashing. While logging in, compare the password using bcrypt.compare method:

 bcrypt.compare(password, user.password, (err, same) => {
      if (same) {
           req.session.userId = user._id
           res.redirect('/bloglist')
      } else {
           res.end('pass wrong')
      }
 })

For more info, refer to this blog: https://medium.com/@nitinmanocha16/bcrypt-and-nodejs-e00a0d1df91f