
Password hashing with NodeJS


Ashish Sharma
June 25, 2020

In this blog, we'll implement authentication with password hashing in a Node.js web application. For this, we'll use crypto, the cryptography module that ships with Node.js, to hash user passwords before they are stored.

Prerequisites:

  • Basic knowledge of HTML/JavaScript
  • Node.js installed on your system
  • express module for creating the server
  • mongoose module for MongoDB connection and queries
  • crypto module for hashing (built into Node.js)
  • body-parser for parsing JSON data

Step 1. First, create a directory structure as below :



Step 2. Create model/user.js file and add the following code :

// Importing modules
const mongoose = require('mongoose');
const crypto = require('crypto');

// Creating user schema
const UserSchema = mongoose.Schema({
    name : {
        type : String,
        required : true
    },
    email : {
        type : String,
        required : true
    },
    hash : String,
    salt : String
});

// Method to set salt and hash the password for a user
UserSchema.methods.setPassword = function(password) {
    // Creating a unique salt for a particular user
    this.salt = crypto.randomBytes(16).toString('hex');
    // Hashing user's salt and password with 1000 iterations,
    // a 64-byte output length and the sha512 digest
    this.hash = crypto.pbkdf2Sync(password, this.salt,
        1000, 64, 'sha512').toString('hex');
};

// Method to check the entered password is correct or not
UserSchema.methods.validPassword = function(password) {
    // Re-derive the hash from the entered password and the stored salt
    const hash = crypto.pbkdf2Sync(password,
        this.salt, 1000, 64, 'sha512').toString('hex');
    return this.hash === hash;
};

// Exporting module to allow it to be imported in other files
const User = module.exports = mongoose.model('User', UserSchema);

Step 3. Create route/user.js file and add the following code:

// Importing modules
const express = require('express');
const router = express.Router();

// Importing User Schema
const User = require('../model/user');

// User login api
router.post('/login', (req, res) => {

    // Find user with requested email
    User.findOne({ email : req.body.email }, function(err, user) {
        if (user === null) {
            return res.status(400).send({
                message : "User not found."
            });
        }
        else {
            if (user.validPassword(req.body.password)) {
                return res.status(201).send({
                    message : "User Logged In",
                });
            }
            else {
                return res.status(400).send({
                    message : "Wrong Password"
                });
            }
        }
    });
});

// User signup api
router.post('/signup', (req, res, next) => {

    // Creating empty user object
    let newUser = new User();

    // Initialize newUser object with request data
    newUser.name = req.body.name;
    newUser.email = req.body.email;

    // Call setPassword function to hash password
    newUser.setPassword(req.body.password);

    // Save newUser object to database
    newUser.save((err, User) => {
        if (err) {
            return res.status(400).send({
                message : "Failed to add user."
            });
        }
        else {
            return res.status(201).send({
                message : "User added successfully."
            });
        }
    });
});

// Export module to allow it to be imported in other files
module.exports = router;

Step 4. Create server.js file :

// Importing modules
var express = require('express');
var mongoose = require('mongoose');
var bodyparser = require('body-parser');

// Initialize express app
var app = express();

// Mongodb connection url
var MONGODB_URI = "mongodb://localhost:27017/hashAppDb";

// Connect to MongoDB
mongoose.connect(MONGODB_URI);
mongoose.connection.on('connected', () => {
    console.log('Connected to MongoDB @ 27017');
});

// Using bodyparser to parse json data
app.use(bodyparser.json());

// Importing routes
const user = require('./route/user');

// Use user route when url matches /api/user/
app.use('/api/user', user);

// Creating server
const port = 3000;
app.listen(port, () => {
    console.log("Server running at port: " + port);
});

Step 5. Run server.js file using command

node server.js

Step 6. Open Postman and create a POST request to localhost:3000/api/user/signup with the following body parameters:

{
    "name" : "test",
    "email" : "",
    "password" : "test1234"
}

Run the request and you will get a success response:

{
    "message" : "User added successfully."
}

User data is stored in the database as below:

{
    "_id": {
        "$oid": "5ab71ef2afb6db0148052f6f"
    },
    "name": "test",
    "email": "",
    "salt": "ddee18ef6a6804fbb919b25f790005e3",
    "hash": "bbf13ae4db87d475ca0ee5f97e397248a23509fc10c82f1e3cf110...",
    "__v": 0
}

If we have sensitive data or information that needs to be protected, it is important to make sure it is secured correctly. With the above process, the database stores only a salted hash of each password, never the password itself, which gives us a bit of additional security.

You can check the code on GitHub.
