Closed trdarr closed 8 years ago
This has been fixed in https://github.com/jcoglan/vault-cipher release 0.3.3, and in the master
branch via https://github.com/jcoglan/vault-cipher/commit/8ce8c72c61bef6a7cc00967db0244615bbcd6bd1 and https://github.com/jcoglan/vault-cipher/commit/3b8a1f6ce86728e58ca7ca92e327c7efaa0826e7.
When I changed over from Node 4.2 to Node 6.0, I started getting this warning. From the comments, it was unclear which version or even which package I needed to update to in order to not get the warning.
However, I changed from this:
1 this.password = crypto.pbkdf2Sync (
2 password,
3 this.salt,
4 1000,
5 64).toString('hex');
to this:
1 this.password = crypto.pbkdf2Sync (
2 password,
3 this.local.salt,
4 1000,
5 64,
6 'sha1').toString('hex');
and I was okay.
If you're running vault@0.3.0
(the last properly released package on npm), then you need to bump vault-cipher
to 0.3.3
.
I don't think I have either vault or vault-cipher. Here is an npm list of my stuff. I must be sniffing around the wrong package. Sorry for the confusion.
├─┬ bcrypt@0.8.7
│ ├── bindings@1.2.1
│ └── nan@2.3.5
├─┬ body-parser@1.15.2
│ ├── bytes@2.4.0
│ ├── content-type@1.0.2
│ ├── debug@2.2.0
│ ├── depd@1.1.0
│ ├─┬ http-errors@1.5.1
│ │ ├── inherits@2.0.3
│ │ ├── setprototypeof@1.0.2
│ │ └── statuses@1.3.1
│ ├── iconv-lite@0.4.13
│ ├─┬ on-finished@2.3.0
│ │ └── ee-first@1.1.1
│ ├── qs@6.2.0
│ ├─┬ raw-body@2.1.7
│ │ └── unpipe@1.0.0
│ └─┬ type-is@1.6.14
│ ├── media-typer@0.3.0
│ └─┬ mime-types@2.1.13
│ └── mime-db@1.25.0
├─┬ cookie-parser@1.4.3
│ ├── cookie@0.3.1
│ └── cookie-signature@1.0.6
├── crypto@0.0.3
├─┬ debug@2.3.3
│ └── ms@0.7.2
├─┬ express@4.14.0
│ ├─┬ accepts@1.3.3
│ │ └── negotiator@0.6.1
1.1.1
│ ├── content-disposition@0.5.1
│ ├── debug@2.2.0
│ ├── encodeurl@1.0.1
│ ├── escape-html@1.0.3
│ ├── etag@1.7.0
│ ├─┬ finalhandler@0.5.0
│ │ └── debug@2.2.0
│ ├── fresh@0.3.0
│ ├── merge-descriptors@1.0.1
│ ├── methods@1.1.2
│ ├── parseurl@1.3.1
│ ├── path-to-regexp@0.1.7
│ ├─┬ proxy-addr@1.1.2
│ │ ├── forwarded@0.1.0
│ │ └── ipaddr.js@1.1.1
│ ├── range-parser@1.2.0
│ ├─┬ send@0.14.1
│ │ ├── debug@2.2.0
│ │ ├── destroy@1.0.4
│ │ └── mime@1.3.4
│ ├── serve-static@1.11.1
│ ├── utils-merge@1.0.0
│ └── vary@1.1.0
├─┬ jsonwebtoken@7.2.1
│ ├─┬ joi@6.10.1
│ │ ├── hoek@2.16.3
│ │ ├── isemail@1.2.0
│ │ ├── moment@2.17.1
│ │ └── topo@1.1.0
│ ├─┬ jws@3.1.4
│ │ ├── base64url@2.0.0
│ │ ├─┬ jwa@1.1.5
│ │ │ ├── buffer-equal-constant-time@1.0.1
│ │ │ └── ecdsa-sig-formatter@1.0.9
│ │ └── safe-buffer@5.0.1
│ ├── lodash.once@4.1.1
│ ├── ms@0.7.1
│ └── xtend@4.0.1
├─┬ mongoose@4.7.1
│ ├─┬ async@2.1.2
│ │ └── lodash@4.17.2
│ ├── bson@0.5.7
│ ├── hooks-fixed@1.2.0
│ ├── kareem@1.1.3
│ ├─┬ mongodb@2.2.11
│ │ ├── es6-promise@3.2.1
│ │ ├─┬ mongodb-core@2.0.13
│ │ │ └─┬ require_optional@1.0.0
│ │ │ ├── resolve-from@2.0.0
│ │ │ └── semver@5.3.0
│ │ └─┬ readable-stream@2.1.5
│ │ ├── buffer-shims@1.0.0
│ │ ├── core-util-is@1.0.2
│ │ ├── isarray@1.0.0
│ │ ├── process-nextick-args@1.0.7
│ │ ├── string_decoder@0.10.31
│ │ └── util-deprecate@1.0.2
│ ├── mpath@0.2.1
│ ├── mpromise@0.5.5
│ ├─┬ mquery@2.0.0
│ │ ├── bluebird@2.10.2
│ │ ├── debug@2.2.0
│ │ └── sliced@0.0.5
│ ├── muri@1.1.1
│ ├── regexp-clone@0.0.1
│ └── sliced@1.0.1
├─┬ morgan@1.7.0
│ ├── basic-auth@1.0.4
│ ├── debug@2.2.0
│ └── on-headers@1.0.1
├─┬ passport@0.3.2
│ ├── passport-strategy@1.0.0
│ └── pause@0.0.1
├── passport-local@1.0.0
└─┬ serve-favicon@2.3.2
└── ms@0.7.2
From nodejs/node#4047, it seems like the default digest was
'sha1'
.