# @sl-nx/couch-pwd

## An up-to-date version of couch-pwd that is actually published.

Hash and compare passwords with the crypto's pbkdf2.
Heavily inspired by [node-pwd](https://github.com/visionmedia/node-pwd).

Uses the following values as defaults:

- iterations = 10
- keylen = 20
- size = 16
- encoding = 'hex'
- digest = 'SHA1'

The resulting salt and password Strings are the same you'd get when you save a
user to CouchDB and let CouchDB do all the hashing for you.

Module has two goals

- verify user passwords without making requests to `/_session` API
- use the same hashing algorithm for other databases

## Installation

```bash
npm install couch-pwd
```

## Example

On signup generate a salt / password hash, and save it somewhere:

```js
var pwdModule = require('couch-pwd');
var pwd = new pwdModule();
pwd.hash('my password', function (err, salt, hash) {
  user.salt = salt;
  user.hash = hash;
});
```

To authenticate load and compare:

```js
var pwdModule = require('couch-pwd');
var pwd = new pwdModule();
pwd.hash('submitted password', user.salt, function (err, hash) {
  if (user.hash == hash) {
    // yay
  }
});
```

## License

MIT