How to use pbkdf2:sha256 for password hashing in a custom database?

We have an existing database that uses pbkdf2:sha256 to hash passwords. I want to use the custom database login script to connect to our database an verify our existing password hashes.

When I try to require(‘pbkdf2-sha256’) I get an error Cannot find module ‘pbkdf2-sha256’ is it possible to use pbkdf2-sha256 in a custom login function?

If you want to compare a password hashed with pbkdf2, you should be able to use the built-in crypto library for configured with the expected digest function. Read more about this here:

https://nodejs.org/api/crypto.html#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback

How you call this will depend on your exact configuration when generating the hash, but here’s an example to get you started:

crypto.pbkdf2(password, salt, iterations, keyLength, 'sha256', function(err, key) {
  if (err) { return callback(err); }
  if (key.toString('hex') === hash) { /* password matches */ }
});

To compare the hashes, we recommend a method like crypto.timingSafeEqual to avoid timing attacks.