From 48f6d53148cf4d6b548087531cdc0f597c8af19d Mon Sep 17 00:00:00 2001
From: Matt Huntington
Date: Mon, 22 Aug 2016 21:59:00 -0400
Subject: [PATCH] bcrypt
---
 node.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/node.md b/node.md
index 463c178..91b56a5 100644
--- a/node.md
+++ b/node.md
@@ -313,5 +313,26 @@ var userData = req.session.userData;
 ```
 ## Bcrypt
+
+To encrypt information, we `npm install bcrypt --save` and require it:
+
+```javascript
+var bcrypt = require('bcrypt');
+```
+
+To encrypt a value:
+
+```javascript
+var encryptedValue = bcrypt.hashSync('value to encrypt', bcrypt.genSaltSync(10));
+```
+
+genSaltSync determines how difficult it is to crack the encryption. The higher the number, the harder it is, but the longer it takes. 10 is usually good.
+
+Using this technique, the same starting value will not be encrypted the same way twice. This prevents from a hacker from guessing other users' passwords based on matching encrypted values. This means that we can never decrypt a salted value. Instead, we can only compare it with another salted value to see if they so close that they can't be anything but the same.
+
+```javascript
+var valuesMatch = bcrypt.compareSync('does salted value match this?', saltedValue);
+```
+
 ## Static
 ## Database
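Review bot: The added Bcrypt section describes a one-way password hash as encryption, and its last paragraph says a match is decided by whether two salted values are "so close". In fact `compareSync` re-hashes the candidate with the salt and cost stored inside the existing hash and requires an exact match, so nothing is ever decrypted or approximately compared. I would reword the lead-ins to `To hash a password:` and rename `encryptedValue` to `hashedValue`. The last snippet also compares against `saltedValue`, which no earlier snippet defines, so it should use the value returned by `hashSync`. The text could add that the number passed to `genSaltSync` is a cost factor where each increment doubles the work, and that the `Sync` calls block the event loop, so request handlers are better served by the callback forms `bcrypt.hash` and `bcrypt.compare`.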