JSFoo Pune 2019

Google the term “authentication in node.js” and you will be greated with thousands of tutorials on how to create a database table with the fields and verify the hash; that’s it. The problem is that security and authentication is not that simple; it can be easy, but you need to work a little for that. In this talk, we will go over some bad methods of authentication and then we’ll look at the good ones followed by a live coding session to show how easy it is to implement this in real life. The talk assumes that the audience does not hold a bachelor’s in applied mathematics just; if you do, it’ll be even better.

Outline

Introduction

• What? Why? How?
• Bad ways

Effects of the bad ways

• Common misconceptions about authentication and, in general, cryptography

Introduction to Modern Ways of Credential Storage

• bcrypt, SHA-*
• Problems with these methods

(Probable) Solutions:

• NIST standards
• PBKDF, etc.

Actual Solution

• Dream crusher
• Common mistakes
• Easy, yet reliable methods

Hands-On

• Bad solution (with JWT)
• Average solution
• Good solution

Questions

Requirements

A laptop with the Node.js environment, a text editor and some zeal!

Speaker bio

A 19-year old programmer, amateur mathematician and a student from India. In the past 9 years I have honed my skills in Node.js, ReactJS, AWS and NoSQL databases with competitive experience in PHP and .NET (Windows Forms). My primary areas of interest are secure data channels, asymmetric cryptography, group theory and number theory with a pinch of applied geometry. Currently working as a backend developer at Isomr Studios Private Limited in India.

Slides

https://speakerdeck.com/labsvisual/how-not-to-do-authentication-in-node-dot-js