2021-01-14
#node
Ukpai Ugochi
Jan 14, 2021 ⋅ 10 min read

Node.js crypto module: A tutorial

Ukpai Ugochi: I'm a full-stack JavaScript developer on the MEVN stack. I love to share knowledge about my transition from marine engineering to software development to encourage people who love software development and don't know where to begin. I also contribute to OSS in my free time.


5 Replies to "Node.js crypto module: A tutorial"

  1. Would suggest changing your AES example to use aes-256 and the password example mention why a higher iteration count is important, and may want to switch to the async methods, especially for higher iterations and mention countermeasures as this can be a point for DDoS depending on configuration and implementation details.

  2. Hello!
    Thank you for the kind feedback. Although larger key sizes exist mostly to satisfy some US military regulations which require several distinct security levels, the larger key sizes imply some CPU overhead (+20% for a 192-bit key, +40% for a 256-bit key). This is why most applications use a 192-bit key. Also, the reason why most people will use a higher iteration is to make it difficult for attackers to easily decipher passwords. Sure! It’ll be a better idea to apply asynchronous programming for higher iteration, otherwise synchronous method as applied here presents no delay.

    Do well to reach out if you have further questions or suggestions. Thank you!

  3. Hi Ukpai, I have not finished reading the full article, but isn’t it better, when authenticating a user, to encrypt the password they supply and compare that result with the stored (encrypted) value? Tebb

  4. Hello Tebb!

    This is what I tried to implement in the login method.
    password: crypto.pbkdf2Sync(req.body.password, salt,
    1000, 64, `sha512`).toString(`hex`)

    Crypto doesn’t have a compare method like bcrypt. This is why developers opt for bcrypt whenever it involves ciphering login details.
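
The thread above discusses re-deriving the password hash at login and comparing it with the stored value. As an added example (not code from the article or its commenters), this is one way to do that with Node's built-in `crypto`, using the asynchronous `pbkdf2` and `timingSafeEqual`; the function names, the record format and the iteration count are assumptions.

```javascript
// Added example, not from the article: PBKDF2 password storage and verification
// using only Node's built-in crypto module.
const { pbkdf2, randomBytes, timingSafeEqual } = require('node:crypto');
const { promisify } = require('node:util');
const pbkdf2Async = promisify(pbkdf2); // runs on the thread pool, not the event loop

// Assumed parameters: digest and key length match the call quoted in the thread;
// the iteration count is an assumption, set far above the thread's 1000.
const DEFAULTS = { iterations: 210000, keylen: 64, digest: 'sha512' };
const DIGESTS = ['sha256', 'sha512'];  // allow-list for stored records
const HEX = /^(?:[0-9a-f]{2})+$/;      // whole bytes, lowercase hex
const ITERATIONS = /^[1-9]\d{0,8}$/;   // positive integer below 2^31

// Produces "pbkdf2$<digest>$<iterations>$<saltHex>$<hashHex>" (a constructed
// format) so the parameters travel with the hash and can be raised later.
async function hashPassword(password, opts = DEFAULTS) {
  const salt = randomBytes(16); // fresh random salt for every password
  const key = await pbkdf2Async(password, salt, opts.iterations, opts.keylen, opts.digest);
  return ['pbkdf2', opts.digest, opts.iterations, salt.toString('hex'), key.toString('hex')].join('$');
}

// Parses a stored record; returns null for anything malformed.
function parseRecord(record) {
  const parts = String(record).split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2') return null;
  const [, digest, iterText, saltHex, hashHex] = parts;
  if (!DIGESTS.includes(digest) || !ITERATIONS.test(iterText)) return null;
  if (!HEX.test(saltHex) || !HEX.test(hashHex)) return null;
  return {
    digest,
    iterations: Number(iterText),
    salt: Buffer.from(saltHex, 'hex'),
    hash: Buffer.from(hashHex, 'hex'),
  };
}

// Re-derives the key from the supplied password with the stored salt and
// parameters, then compares the two buffers in constant time.
async function verifyPassword(password, record) {
  const rec = parseRecord(record);
  if (!rec) return false;
  const candidate = await pbkdf2Async(password, rec.salt, rec.iterations, rec.hash.length, rec.digest);
  // Both buffers have rec.hash.length bytes, as timingSafeEqual requires.
  return timingSafeEqual(candidate, rec.hash);
}
```

Because the record carries its own iteration count, records written with the older 1000-iteration setting still verify and can be re-hashed with the higher count after a successful login.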
