
Encrypt and decrypt content with Nodejs - alemhnan
http://lollyrock.com/articles/nodejs-encryption/
======
technion
It talks about Encrypt-then-MAC, but unless I'm missing something, these
examples just do the "encrypt" part and leave it unauthenticated.

Also, quoting from the NodeJS manual, you shouldn't be passing a password
directly into this function:

createCipher derives keys with the OpenSSL function EVP_BytesToKey with the
digest algorithm set to MD5, one iteration, and no salt. The lack of salt
allows dictionary attacks as the same password always creates the same key.
The low iteration count and non-cryptographically secure hash algorithm allow
passwords to be tested very rapidly.

In line with OpenSSL's recommendation to use pbkdf2 instead of EVP_BytesToKey
it is recommended you derive a key and iv yourself with crypto.pbkdf2 and to
then use createCipheriv() to create the cipher stream.

