bcrypt instead of crypto
juanda99 opened this issue · comments
It would be better to use bcrypt, because it's more secure as it's slower (uses more computing cycles).
Your code could also be better:
You wouldn't need a salt field in the User model, because the salt is saved in the same field as the password.
For authentication, something like:
var mongoose = require('mongoose'),
    bcrypt = require('bcryptjs');

var userSchema = mongoose.Schema({
  email: String,
  pw: String, // bcrypt output; the salt is embedded in this string
});

// Compare a candidate password with the stored bcrypt hash
userSchema.methods.validPassword = function(password) {
  return bcrypt.compareSync(password, this.pw);
};
I can make a PR
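The point above about the salt living in the same field as the password, shown as an added example (not code from this issue or from the project): it parses the string bcrypt stores and reads the cost factor back out of it. `parseBcryptField`, `needsRehash` and the sample value are hypothetical names and constructed data.

```javascript
// Layout of the stored string: $<version>$<cost>$<22-char salt><31-char hash>
// (60 characters in total, so one String field holds everything).
const BCRYPT_RE =
  /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Sample value used only to show the layout; not taken from any real account.
const SAMPLE_PW_FIELD =
  '$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy';

// Split a stored value into its parts, or return null if it is not bcrypt
// (for example a hash left over from a previous scheme).
function parseBcryptField(stored) {
  const m = typeof stored === 'string' ? BCRYPT_RE.exec(stored) : null;
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return {
    version: m[1],
    cost: cost,
    rounds: 2 ** cost, // key-setup iterations: this is why bcrypt is slow
    salt: m[3],        // per-password salt, no separate model field needed
    hash: m[4],
  };
}

// Hypothetical policy helper: after a successful login, decide whether the
// record should be re-hashed (not bcrypt at all, or cost below the minimum).
function needsRehash(stored, minCost) {
  const parsed = parseBcryptField(stored);
  return parsed === null || parsed.cost < minCost;
}
```

Each increment of the cost doubles the work per guess, so `needsRehash` gives a way to raise it over time without a schema change.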
+1
+1 for bcrypt
+1
please +1