[Pkg-javascript-commits] [node-evp-bytestokey] 14/29: README: fix examples and API, remove sarcasm
Bastien Roucariès
rouca at moszumanska.debian.org
Fri Sep 8 09:56:50 UTC 2017
This is an automated email from the git hooks/post-receive script.
rouca pushed a commit to branch master
in repository node-evp-bytestokey.
commit 238bef2cab433d2e62df523cda829cbc454ee02e
Author: Daniel Cousens <github at dcousens.com>
Date: Mon Aug 21 13:03:55 2017 +1000
README: fix examples and API, remove sarcasm
---
README.md | 32 +++++++++++++-------------------
package.json | 2 +-
2 files changed, 14 insertions(+), 20 deletions(-)
diff --git a/README.md b/README.md
index ffc9460..748b341 100644
--- a/README.md
+++ b/README.md
@@ -1,46 +1,40 @@
-# EVP_BytesToKey
-
+# EVP\_BytesToKey
[](https://www.npmjs.org/package/evp_bytestokey)
[](https://travis-ci.org/crypto-browserify/EVP_BytesToKey)
[](https://david-dm.org/crypto-browserify/EVP_BytesToKey#info=dependencies)
[](https://github.com/feross/standard)
+The insecure [key derivation algorithm from OpenSSL.][1]
-The super secure [key derivation algorithm from openssl][1]
+**WARNING: DO NOT USE, except for compatibility reasons.**
-**ALERT**
+MD5 is insecure.
-**is not actually secure, only every use it for compatibility reasons**
+Use at least `scrypt` or `pbkdf2-hmac-sha256` instead.
-**Newer applications should use more standard algorithms such as PBKDF2 as defined in PKCS#5v2.1 for key derivation.**
## API
+`EVP_BytesToKey(password, salt, keyLen, ivLen)`
-`EVP_BytesToKey(createHash, salt, data, count, keyLen, ivLen)`
-
-* `createHash` - function which return [node Hash class][2].
+* `password` - `Buffer`, password used to derive the key data.
* `salt` - 8 byte `Buffer` or `null`, salt is used as a salt in the derivation.
-* `data` - `Buffer`, data which is used to derive the keying data.
-* `count` - `number`, count is the iteration count to use.
* `keyLen` - `number`, key length in bytes.
* `ivLen` - `number`, iv length in bytes.
-*Return*: `{ key: Buffer, iv: Buffer }`
+*Returns*: `{ key: Buffer, iv: Buffer }`
-## Examples
-MD5 with AES256:
+## Examples
+MD5 with `aes-256-cbc`:
```js
const crypto = require('crypto')
const EVP_BytesToKey = require('evp_bytestokey')
-const data = EVP_BytesToKey(
- () => crypto.createHash('md5'),
+const result = EVP_BytesToKey(
+ 'my-secret-password',
null,
- 'my-secret-data',
- 1,
32,
16
)
@@ -48,7 +42,7 @@ const data = EVP_BytesToKey(
// { key: <Buffer e3 4f 96 f3 86 24 82 7c c2 5d ff 23 18 6f 77 72 54 45 7f 49 d4 be 4b dd 4f 6e 1b cc 92 a4 27 33>,
// iv: <Buffer 85 71 9a bf ae f4 1e 74 dd 46 b6 13 79 56 f5 5b> }
-const cipher = crypto.createCipheriv('aes-256-cbc', data.key, data.iv)
+const cipher = crypto.createCipheriv('aes-256-cbc', result.key, result.iv)
```
## LICENSE [MIT](LICENSE)
diff --git a/package.json b/package.json
index c6cbc5d..5388f4a 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
{
"name": "evp_bytestokey",
"version": "1.0.0",
- "description": "the super secure key derivation algorithm from openssl",
+ "description": "The insecure key derivation algorithm from OpenSSL",
"keywords": [
"crypto",
"openssl"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-evp-bytestokey.git
More information about the Pkg-javascript-commits
mailing list