├── .gitignore ├── README.md ├── index.js ├── package.json ├── password_demo.js └── test └── test.js /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | 6 | # Runtime data 7 | pids 8 | *.pid 9 | *.seed 10 | 11 | # Directory for instrumented libs generated by jscoverage/JSCover 12 | lib-cov 13 | 14 | # Coverage directory used by tools like istanbul 15 | coverage 16 | 17 | # nyc test coverage 18 | .nyc_output 19 | 20 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) 21 | .grunt 22 | 23 | # node-waf configuration 24 | .lock-wscript 25 | 26 | # Compiled binary addons (http://nodejs.org/api/addons.html) 27 | build/Release 28 | 29 | # Dependency directories 30 | node_modules 31 | jspm_packages 32 | 33 | # Optional npm cache directory 34 | .npm 35 | 36 | # Optional REPL history 37 | .node_repl_history 38 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Learn Crypto 2 | 3 | Cryptography is a fascinating topic worthy of 4 | *many* fantastic books! See: http://amzn.to/cthr46 5 | 6 | ## Password Hashing 7 | 8 | > "***Speed** is exactly what you **don’t want** in a **password hash function***." 9 | ~ [Thomas Ptacek](http://amzn.to/cthr46) 10 | 11 | Using **bcrypt** means there is a "***work factor***" for 12 | computing the hash of each password. 13 | Each increment in work-factor (beyond 8) roughly *doubles* the amount of time 14 | required to compute the hash. 
15 | 16 | 17 | ### bcrypt time required to derive hash 18 | 19 | ```js 20 | // "cost" | ms required 21 | { 22 | '1' : '27ms', 23 | '2' : '27ms', 24 | '3' : '27ms', 25 | '4' : '27ms', 26 | '5' : '28ms', 27 | '6' : '28ms', 28 | '7' : '28ms', 29 | '8' : '32ms', 30 | '9' : '65ms', 31 | '10': '120ms', 32 | '11': '226ms', 33 | '12': '447ms', // sweet spot for web apps (page/API response under 1 sec) 34 | '13': '914ms', 35 | '14': '1810ms', 36 | '15': '3673ms', 37 | '16': '7634ms', 38 | '17': '15449ms', 39 | '18': '28531ms', 40 | '19': '51857ms', 41 | '20': '98165ms' // 98 seconds 42 | } 43 | ``` 44 | 45 | 46 | ### Node.js Modules 47 | 48 | + ***Core*** **Crypto**: http://nodejs.org/api/crypto.html 49 | + **bcrypt**: https://www.npmjs.com/package/bcrypt 50 | + **bcrypt.js**: https://github.com/dcodeIO/bcrypt.js 51 | + **scrypt**: https://www.npmjs.com/package/scrypt 52 | + **js-scrypt**: https://www.npmjs.com/package/js-scrypt 53 | (mostly borrowed from: https://code.google.com/p/javascript-bcrypt/) 54 | 55 | 56 | ## Further Reading 57 | 58 | This is a huge and fascinating topic; 59 | don't skip the background (general) reading 60 | if you are serious about understanding security! 
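### General

+ Basic Principles:
http://www.thegeekstuff.com/2012/07/cryptography-basics/
+ Comprehensive intro:
http://www.ciphersbyritter.com/LEARNING.HTM
+ CS255: Introduction to Cryptography (Stanford Course):
https://crypto.stanford.edu/~dabo/cs255/
+ Cryptography: An Introduction
(3rd Edition *Full Book* PDF):
http://www.cs.umd.edu/~waa/414-F11/IntroToCrypto.pdf

### Passwords

+ How To Safely Store A Password:
http://codahale.com/how-to-safely-store-a-password/
+ Securing Passwords:
http://www.securityfocus.com/blogs/262

### Background Reading

+ Proof of Work:
https://en.wikipedia.org/wiki/Proof-of-work_system
+ Cryptographic hash function:
http://en.wikipedia.org/wiki/Cryptographic_hash_function
+ Asymptotic analysis:
http://en.wikipedia.org/wiki/Asymptotic_analysis
+ Bcrypt:
http://en.wikipedia.org/wiki/Bcrypt
+ Blowfish:
http://en.wikipedia.org/wiki/Blowfish_(cipher)
+ Scrypt:
https://en.wikipedia.org/wiki/Scrypt

## Videos

+ The Lazy Programmer's Guide to Secure Computing
http://youtu.be/eL5o4PFuxTY?t=1m3s
--------------------------------------------------------------------------------
/index.js:
--------------------------------------------------------------------------------
var bcrypt = require('bcrypt');
var pass = {};   // cost -> "<n>ms"; printed once every round has reported back
var limit = 20;  // above 30 it takes *Days*! ;-)
var done = 0;    // rounds completed so far (they may finish out of order)

// Time one genSalt + hash round at the given bcrypt cost (work factor).
//
// The start time is captured per call on purpose: a `var st` declared inside
// the for-loop is function-scoped, so a single shared `st` would be
// overwritten by every iteration before any callback ran and all rounds
// would be timed from the loop's *last* iteration instead of their own.
// Results are keyed by `cost` rather than by completion order, so the
// printed object lines up with the cost table in the README.
//
// NOTE(review): all rounds are started at once and share the async
// threadpool, so each figure is wall-clock time including any queueing
// behind the other rounds — run the rounds one after another for clean
// per-cost numbers.
function timeHash(cost) {
  var st = Date.now();
  bcrypt.genSalt(cost, function(err, salt) {
    // Surface failures instead of silently hashing with an undefined salt.
    if (err) { throw err; }
    bcrypt.hash('B4c0/\/', salt, function(err, hash) {
      if (err) { throw err; }
      // Store hash in your password DB.
      console.log(hash);
      var took = Date.now() - st;
      pass[cost] = took + 'ms';
      console.log("Time to hash: " + took + "ms | cost " + cost);
      done++;
      if (done === limit) {
        console.log(" - - - - - RESULTS - - - - - ");
        console.dir(pass);
      }
    });
  });
}

for (var i = 1; i <= limit; i++) {
  timeHash(i);
}
--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
{
  "name": "learn-crypto",
  "version": "1.0.0",
  "description": "Learn how to use Crypto in your JavaScript/Node.js apps",
  "main": "index.js",
  "scripts": {
    "test": "tape"
  },
  "repository": {
    "type": "git",
    "url": "https://github.com/nelsonic/learn-crypto.git"
  },
  "keywords": [
    "crypto",
    "cryptography",
    "security"
  ],
  "author": "@nelsonic (https://github.com/nelsonic)",
  "license": "ISC",
  "bugs": {
    "url": "https://github.com/nelsonic/learn-crypto/issues"
  },
  "homepage": "https://github.com/nelsonic/learn-crypto",
  "dependencies": {
    "bcrypt": "^0.8.1"
  },
  "devDependencies": {
    "tape": "^3.5.0"
  }
}
--------------------------------------------------------------------------------
/password_demo.js:
--------------------------------------------------------------------------------
var bcrypt = require('bcrypt');
var pass = {};        // completion index -> ms elapsed since the script started
var limit = 100;      // number of hash rounds started concurrently
var done = 0;         // rounds completed so far
var st = Date.now();  // one shared start: the figures are cumulative, not per-hash

// Start `limit` genSalt + hash rounds at once, all at cost 12 (the README's
// "sweet spot" work factor for web apps), and report how long the whole
// batch takes to drain.  Each round logs the time elapsed since `st`, so the
// numbers grow as rounds complete — this shows throughput under concurrency,
// not the cost of a single hash (index.js measures that).
//
// NOTE(review): the password is the string literal 'i', not the loop
// counter — presumably fine for a demo, but confirm that was the intent.
function hashRound() {
  bcrypt.genSalt(12, function(err, salt) {
    // Surface failures instead of silently hashing with an undefined salt.
    if (err) { throw err; }
    bcrypt.hash('i', salt, function(err, hash) {
      if (err) { throw err; }
      // Store hash in your password DB.
      console.log(hash);
      var elapsed = Date.now() - st;
      done++;
      pass[done] = elapsed + 'ms';
      // Labelled as elapsed time because `st` is shared by every round.
      console.log("Elapsed: " + elapsed + "ms | completed " + done + "/" + limit);
      if (done === limit) {
        console.log(" - - - - - RESULTS - - - - - ");
        console.dir(pass);
      }
    });
  });
}

for (var i = 1; i <= limit; i++) {
  hashRound();
}
--------------------------------------------------------------------------------
/test/test.js:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dwyl/learn-cryptography/e1b60d73bf4f62a743fe714227fbcc9a1d3c1803/test/test.js
--------------------------------------------------------------------------------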