From ebddcd319abbf76258a128a710f9ddad63c99da2 Mon Sep 17 00:00:00 2001
From: Davy Chiu
Date: Wed, 4 Dec 2013 05:20:48 -0800
Subject: [PATCH] hash password with pbkdf2
---
 app/models/user.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/app/models/user.js b/app/models/user.js
index 8c960a12..45b801f8 100755
--- a/app/models/user.js
+++ b/app/models/user.js
@@ -105,7 +105,7 @@ UserSchema.methods = {
 * @api public
 */
 makeSalt: function() {
- return Math.round((new Date().valueOf() * Math.random())) + '';
+ return crypto.randomBytes(16).toString('base64');
 },

 /**
@@ -117,8 +117,9 @@ UserSchema.methods = {
 */
 encryptPassword: function(password) {
 if (!password) return '';
- return crypto.createHmac('sha1', this.salt).update(password).digest('hex');
+ salt = new Buffer(this.salt, 'base64');
+ return crypto.pbkdf2Sync(password, salt, 10000, 64).toString('base64');
 }
 };

-mongoose.model('User', UserSchema);
\ No newline at end of file
+mongoose.model('User', UserSchema);
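Review bot: The doc comment above `makeSalt` should record the new salt format, because `encryptPassword` in the second hunk now decodes `this.salt` as base64 and the two must stay in step. A line such as `* @return {String} 16 bytes from crypto.randomBytes, base64-encoded` would state that contract. The comment block starts outside the hunk, so its current wording is not visible here. The synchronous `crypto.randomBytes` call also throws on failure, and nothing in the visible lines handles that, so it is worth confirming the caller's error path.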
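Review bot: In `encryptPassword`, `salt` is assigned without a declaration, so it becomes an implicit global and would throw a ReferenceError under strict mode; declare it with `var salt = new Buffer(this.salt, 'base64');`. Separately, records written before this commit hold a hex HMAC-SHA1 digest and a decimal-string salt. Unless the comparison code outside this hunk accepts both formats, existing users will stop authenticating, so a scheme marker on the stored hash with a rehash on the next successful login would cover the transition. The iteration count `10000` and key length `64` are bare literals and no digest is named, so the PRF is whatever the runtime defaults to. Named constants, plus an explicit digest where the Node version accepts one, would make the work factor auditable and easy to raise later.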