In this question, Mubashar asks about storing sensitive info securely in memory using C#, and is pointed to the SecureString class from .NET. Is there an existing comparable tool that will do this in node.js? Otherwise, which is the way to go about doing this using node resources available?
you can use closures to scope the private key and salt and inside that closure have another closure you create with the hashed password have the inner closure return a function that accepts a challenge (like your password to unlock it)
function outer (key, salt) {
return function generator (password) {
var hash = gen_hash(key, salt, password);
password = undefined;
return function (challenge) {
var response = test_challenge(challenge, hash, key, salt);
return repsonse;
}
}
}
use that like:
var challenger = outer('my-key','salt')('password')
then when you want to retreive the encrypted password you will have to pass the challenge
var password = challenger('my-unlock-code');
use any crytography library you'd like this isnt a working example, its just an example on how to use closures to scope the sensitive data.