Handling Passwords in Kawkab
In the world of modern application development, password protection is crucial to ensure the security of user data. In the Kawkab framework, we provide custom functions to easily and securely hash and verify passwords.
What is the Password Protection Process?
Password protection involves converting plain text passwords into encrypted hash values using strong algorithms.
Features of this process:
- Non-readability: The hashed password cannot be read directly.
- Security consistency: Secure algorithms are used to ensure data protection.
- Quick verification: The password can be verified without knowing the original text.
Password Functions in Kawkab
1. hash
A function used to generate an encrypted hash of the password.
- It uses advanced algorithms to generate the hash.
- It is recommended to use this during the registration or password update process.
Example:
import { password } from "kawkab";
const myPassword = "MySecurePassword123";
const hashedPassword = await password.hash(myPassword);
console.log(hashedPassword);
// Output: A hashed string like: "$2b$10$XfT...9lmJ"Additional Options:
You can customize the encryption strength (Salt Rounds) to ensure more security.
const strongHash = await password.hash(password, 12);2. verify
A function used to compare the entered password with the stored hash to verify its validity.
- It is used during login or other operations that require verification.
Example:
import { password } from "kawkab";
const myPassword = "MySecurePassword123";
const hashedPassword = await password.hash(myPassword);
const isValid = await password.verify(myPassword, hashedPassword);
if (isValid) {
console.log("Password is correct.");
} else {
console.log("Password is incorrect.");
}Practical Uses of Passwords in Applications
1. Registering New Users
When registering a user, the password is hashed before storing it in the database.
import { password } from "kawkab";
async function registerUser(username: string, password: string) {
const hashedPassword = password.hash(password);
console.log(`User ${username} has been registered with an encrypted password: ${hashedPassword}`);
}
registerUser("Hassan", "Password123!");2. Logging In
When attempting to log in, the entered password is compared to the stored hash.
import { password } from "kawkab";
async function loginUser(inputPassword: string, storedHash: string) {
const isMatch = await password.verify(inputPassword, storedHash);
if (isMatch) {
console.log("Logged in successfully.");
} else {
console.log("Incorrect password.");
}
}
// Example
loginUser("Password123!", "$2b$10$XfT...9lmJ");Comparison of hash and verify
| Function | Inputs | Output | Usage |
|---|---|---|---|
hash | Plain text password | Hashed password | Hashing passwords during registration |
verify | Plain text password + hash | true or false | Verification during login |
Practical Tips
- Do not store passwords as plain text. Always use the
hashfunction to encrypt them. - Set the number of salt rounds between 10-14 for a balance between performance and security.
- During verification, only use the
verifyfunction to compare passwords.
By using the Kawkab functions dedicated to password protection, you can ensure a high level of security for your users and reduce security risks.