
Password hashing with NodeJS


Ashish Sharma
June 25, 2020

In this blog, we’ll be implementing authentication with password hashing in a Node.js web application. For this, we’ll be using crypto, the built-in Node.js module that provides password hashing.

The crypto module for Node.js helps developers hash user passwords.


  • Basic knowledge of HTML/JavaScript.
  • Node.js should be installed on your system.
  • express module for creating the server.
  • mongoose module for MongoDB connection and queries.
  • crypto module for hashing.
  • body-parser for parsing JSON data.

Step 1. First, create a directory structure as below:



Step 2. Create model/user.js file and add the following code:

// Importing modules
const mongoose = require('mongoose');
const crypto = require('crypto');

// Creating user schema
const UserSchema = mongoose.Schema({
    name : {
        type : String,
        required : true
    },
    email : {
        type : String,
        required : true
    },
    hash : String,
    salt : String
});

// Method to set salt and hash the password for a user
UserSchema.methods.setPassword = function(password) {
    // Creating a unique salt for a particular user
    this.salt = crypto.randomBytes(16).toString('hex');
    // Hashing user's salt and password with 1000 iterations,
    // a 64-byte output length and the sha512 digest
    this.hash = crypto.pbkdf2Sync(password, this.salt,
        1000, 64, `sha512`).toString(`hex`);
};

// Method to check the entered password is correct or not
UserSchema.methods.validPassword = function(password) {
    const hash = crypto.pbkdf2Sync(password,
        this.salt, 1000, 64, `sha512`).toString(`hex`);
    return this.hash === hash;
};

// Exporting module to allow it to be imported in other files
const User = module.exports = mongoose.model('User', UserSchema);
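The following is an added example, not code from the original post: a hardened variant of setPassword/validPassword that stores the iteration count with each record, compares hashes in constant time, and upgrades records created with the 1000-iteration scheme above at the next successful login. The function names, the `iterations` field and the 210,000 figure (OWASP's PBKDF2-HMAC-SHA512 guidance) are assumptions.

```javascript
const { pbkdf2Sync, randomBytes, timingSafeEqual } = require('crypto');

// Assumed policy values, not from the article.
const CURRENT_ITERATIONS = 210000; // OWASP figure for PBKDF2-HMAC-SHA512
const LEGACY_ITERATIONS = 1000;    // what the article's setPassword uses
const KEYLEN = 64;
const DIGEST = 'sha512';

// Returns the fields to store. The salt is passed to PBKDF2 as its hex
// string, as in the article, so older records stay verifiable.
function hashPassword(password, iterations = CURRENT_ITERATIONS) {
  const salt = randomBytes(16).toString('hex');
  const hash = pbkdf2Sync(password, salt, iterations, KEYLEN, DIGEST).toString('hex');
  return { salt, hash, iterations };
}

// Verifies a password; a record without `iterations` is treated as legacy.
function verifyPassword(password, record) {
  if (typeof password !== 'string' || !record || !record.salt || !record.hash) {
    return { ok: false, needsRehash: false };
  }
  const iterations = record.iterations || LEGACY_ITERATIONS;
  const expected = Buffer.from(record.hash, 'hex');
  const actual = pbkdf2Sync(password, record.salt, iterations, KEYLEN, DIGEST);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  const ok = expected.length === actual.length && timingSafeEqual(expected, actual);
  return { ok, needsRehash: ok && iterations < CURRENT_ITERATIONS };
}

// On a successful login with an outdated record, re-hash in place while the
// plaintext is still available. Returns true when the password is correct.
function loginAndUpgrade(password, record) {
  const { ok, needsRehash } = verifyPassword(password, record);
  if (ok && needsRehash) Object.assign(record, hashPassword(password));
  return ok;
}

// Constructed sample: a record in the article's format (no `iterations`).
function makeLegacyRecord(password) {
  const { salt, hash } = hashPassword(password, LEGACY_ITERATIONS);
  return { salt, hash };
}
```

In the Mongoose model this would mean adding an `iterations : Number` field to the schema and saving the user document after a successful upgrade.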

Step 3. Create route/user.js file and add the following code:

// Importing modules
const express = require('express');
const router = express.Router();

// Importing User Schema
const User = require('../model/user');

// User login api
router.post('/login', (req, res) => {

    // Find user with requested email
    User.findOne({ email : req.body.email }, function(err, user) {
        if (err) {
            // Database error: do not fall through to the password check
            return res.status(500).send({
                message : "Login failed."
            });
        }
        if (user === null) {
            return res.status(400).send({
                message : "User not found."
            });
        }
        else {
            if (user.validPassword(req.body.password)) {
                return res.status(201).send({
                    message : "User Logged In",
                });
            }
            else {
                return res.status(400).send({
                    message : "Wrong Password"
                });
            }
        }
    });
});

// User signup api
router.post('/signup', (req, res, next) => {

    // Creating empty user object
    let newUser = new User();

    // Initialize newUser object with request data
    newUser.name = req.body.name;
    newUser.email = req.body.email;

    // Call setPassword function to hash password
    newUser.setPassword(req.body.password);

    // Save newUser object to database
    newUser.save((err, User) => {
        if (err) {
            return res.status(400).send({
                message : "Failed to add user."
            });
        }
        else {
            return res.status(201).send({
                message : "User added successfully."
            });
        }
    });
});

// Export module to allow it to be imported in other files
module.exports = router;
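The login route above answers "User not found." and "Wrong Password" differently, which tells a caller which e-mail addresses are registered. The following added example (not code from the original post) shows the decision logic with a single failure response and the same PBKDF2 work for known and unknown e-mails; `loginResponse`, `makeUser`, the decoy record and the 401/200 status codes are assumptions.

```javascript
const { pbkdf2Sync, randomBytes, timingSafeEqual } = require('crypto');

// The article's PBKDF2 parameters.
const ITERATIONS = 1000, KEYLEN = 64, DIGEST = 'sha512';

function derive(password, salt) {
  return pbkdf2Sync(password, salt, ITERATIONS, KEYLEN, DIGEST);
}

// Decoy record: an unknown e-mail then costs the same hashing work as a
// known one, so response time does not reveal whether the account exists.
const DECOY = {
  salt: randomBytes(16).toString('hex'),
  hash: randomBytes(KEYLEN).toString('hex'),
};

// Hypothetical helper: builds the login response from the looked-up user
// (null when the e-mail is not registered) and the submitted password.
function loginResponse(user, password) {
  const generic = { status: 401, body: { message: 'Invalid email or password.' } };
  if (typeof password !== 'string' || password.length === 0) return generic;
  const record = user || DECOY;
  const actual = derive(password, record.salt);
  const expected = Buffer.from(record.hash, 'hex');
  const match = expected.length === actual.length && timingSafeEqual(expected, actual);
  if (!user || !match) return generic;
  return { status: 200, body: { message: 'User Logged In' } };
}

// Constructed sample user in the article's { salt, hash } format.
function makeUser(email, password) {
  const salt = randomBytes(16).toString('hex');
  return { email, salt, hash: derive(password, salt).toString('hex') };
}
```

Inside the route, the `findOne` callback would send `loginResponse(user, req.body.password)` as its status and body.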

Step 4. Create server.js file:

// Importing modules
var express = require('express');
var mongoose = require('mongoose');
var bodyparser = require('body-parser');

// Initialize express app
var app = express();

// Mongodb connection url
var MONGODB_URI = "mongodb://localhost:27017/hashAppDb";

// Connect to MongoDB
mongoose.connect(MONGODB_URI);
mongoose.connection.on('connected', () => {
    console.log('Connected to MongoDB @ 27017');
});

// Using bodyparser to parse json data
app.use(bodyparser.json());

// Importing routes
const user = require('./route/user');

// Use user route when url matches /api/user/
app.use('/api/user', user);

// Creating server
const port = 3000;
app.listen(port, () => {
    console.log("Server running at port: " + port);
});

Step 5. Run server.js file using the command:

node server.js

Step 6. Open Postman and create a POST request to localhost:3000/api/user/signup with the following body parameters:

{
    "name" : "test",
    "email" : "",
    "password" : "test1234"
}

Run the request and you will get a success response:

{
    "message" : "User added successfully."
}

User data is stored in the database as below:

{
    "_id": {
        "$oid": "5ab71ef2afb6db0148052f6f"
    },
    "name": "test",
    "email": "",
    "salt": "ddee18ef6a6804fbb919b25f790005e3",
    "hash": "bbf13ae4db87d475ca0ee5f97e397248a23509fc10c82f1e3cf110...",
    "__v": 0
}

If you have sensitive data that needs to be protected, it is important to make sure it is secured correctly. With the above process, we can now store hashed passwords in our database with a bit of additional security.

You can check the code on GitHub.
