我有一个字符串需要进行哈希处理,在node.js中,最简单的生成哈希的方法是什么?
这个哈希是用于版本控制而非安全性。
考虑到来自http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/的想法(简而言之:先加密,然后进行身份验证。之后先验证,然后解密;这里的"身份验证"指带密钥的 MAC,例如 HMAC,不带密钥的普通哈希任何人都能重新计算,无法防止密文被篡改),我已在node.js中实现了以下解决方案:
/**
 * Encrypts a UTF-8 string with a password and returns the ciphertext as hex.
 *
 * Relies on `crypto` and `algorithm` being defined by the surrounding file.
 *
 * NOTE(review): crypto.createCipher() is deprecated in Node.js and has been
 * removed from newer releases. It derives both key and IV from the password
 * with a single unsalted MD5 pass, so the same password and plaintext always
 * produce the same ciphertext. New code should derive a key with a real KDF
 * (e.g. crypto.scrypt) and call crypto.createCipheriv() with a fresh random IV.
 *
 * @param {string} text - Plaintext to encrypt.
 * @param {string} password - Password handed to createCipher.
 * @returns {string} Hex-encoded ciphertext.
 */
function encrypt(text, password) {
  var cipher = crypto.createCipher(algorithm, password);
  var head = cipher.update(text, 'utf8', 'hex');
  var tail = cipher.final('hex');
  return head + tail;
}
/**
 * Decrypts hex-encoded ciphertext with a password and returns the UTF-8 plaintext.
 *
 * Relies on `crypto` and `algorithm` being defined by the surrounding file.
 *
 * NOTE(review): crypto.createDecipher() is the deprecated counterpart of
 * crypto.createCipher() (password-derived key and IV via one unsalted MD5
 * pass). New code should use crypto.createDecipheriv() with a key from a real
 * KDF and the IV stored alongside the ciphertext. Decryption by itself does
 * not prove the ciphertext is unmodified; verify a MAC before calling this.
 *
 * @param {string} text - Hex-encoded ciphertext.
 * @param {string} password - Password handed to createDecipher.
 * @returns {string} Decrypted UTF-8 text.
 */
function decrypt(text, password) {
  var decipher = crypto.createDecipher(algorithm, password);
  var head = decipher.update(text, 'hex', 'utf8');
  var tail = decipher.final('utf8');
  return head + tail;
}
/**
 * Returns the MD5 digest of `text` as a lowercase hex string.
 *
 * MD5 is only acceptable as a non-security checksum (e.g. change detection).
 * It is not collision-resistant, and because it takes no key, anyone can
 * recompute it, so it cannot serve as an authentication tag.
 *
 * @param {string} text - Data to hash.
 * @returns {string} 32-character hex digest.
 */
function hashText(text) {
  var hasher = crypto.createHash('md5');
  hasher.update(text);
  return hasher.digest("hex");
}
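/**
 * Computes the authentication tag for a ciphertext: HMAC-SHA256 keyed with the
 * password, hex-encoded.
 *
 * An unkeyed digest (such as plain MD5 of the ciphertext) can be recomputed by
 * anyone who alters the ciphertext, so it authenticates nothing; the tag has
 * to depend on a secret.
 *
 * NOTE(review): the password is used directly as the HMAC key. Deriving
 * separate encryption and MAC keys from the password with a KDF
 * (e.g. crypto.scrypt) would be stronger.
 *
 * @param {string} encryptedText - Hex ciphertext to authenticate.
 * @param {string} pw - Shared password.
 * @returns {string} 64-character hex tag.
 */
function computeAuthTag(encryptedText, pw) {
  return crypto.createHmac('sha256', pw).update(encryptedText).digest('hex');
}

/**
 * Encrypts `plainText`, then appends a keyed tag over the ciphertext.
 *
 * The result has the form "<hex ciphertext>$<hex tag>". Tokens produced with
 * the earlier unkeyed-MD5 tag will no longer verify and must be re-created.
 *
 * @param {string} plainText - Text to protect.
 * @param {string} pw - Shared password.
 * @returns {string} Ciphertext and tag joined by "$".
 */
function encryptThenAuthenticate(plainText, pw) {
  const encryptedText = encrypt(plainText, pw);
  return encryptedText + "$" + computeAuthTag(encryptedText, pw);
}

/**
 * Verifies the tag on a token and only then decrypts the ciphertext.
 *
 * @param {string} encryptedAndAuthenticatedText - "<hex ciphertext>$<hex tag>".
 * @param {string} pw - Shared password.
 * @returns {string|undefined} The plaintext, or undefined when the token is
 *   malformed or the tag does not match (decrypt is never called then).
 */
function VerifyThenDecrypt(encryptedAndAuthenticatedText, pw) {
  const parts = encryptedAndAuthenticatedText.split("$");
  // Hex output never contains "$", so anything but exactly two parts is malformed.
  if (parts.length !== 2) {
    return undefined;
  }
  const [encrypted, tag] = parts;

  const expected = Buffer.from(computeAuthTag(encrypted, pw), 'utf8');
  const received = Buffer.from(tag, 'utf8');
  // timingSafeEqual throws on unequal lengths, so check that first; the
  // constant-time compare avoids leaking how many tag characters matched.
  if (received.length !== expected.length || !crypto.timingSafeEqual(received, expected)) {
    return undefined;
  }
  return decrypt(encrypted, pw);
}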
可以使用以下方式进行测试:
// Round trip: seal a sample string, then verify and decrypt it with the same
// password; the original text should be printed.
var doom = encryptThenAuthenticate("The encrypted text", user.cryptoPassword);
var roundTripped = VerifyThenDecrypt(doom, user.cryptoPassword);
console.log(roundTripped);
你可以使用 crypto-js JavaScript 加密标准库,这是生成 sha256 或 sha512 最简单的方法。
const SHA256 = require("crypto-js/sha256");
const SHA512 = require("crypto-js/sha512");
// Sample input. Although the variable is named `password`, a single fast,
// unsalted SHA-2 digest is only suitable for checksums and fingerprints; for
// storing passwords use a password-hashing function such as PBKDF2 or Argon2.
let password = "hello";

// crypto-js returns a WordArray; toString() renders it as hex by default.
let hash_256 = SHA256(password).toString();
let hash_512 = SHA512(password).toString();
即使哈希不是用于安全目的,您也可以使用sha代替md5。在我看来,人们现在应该忘记md5,它已经过时了!
普通的nodejs sha256已被弃用(这里指的应是某个第三方 sha256 包;Node.js 内置的 crypto.createHash('sha256') 并未弃用,仍可直接使用)。因此,您现在有两个选择:
var shajs = require('sha.js') - https://www.npmjs.com/package/sha.js (used by Browserify)
var hash = require('hash.js') - https://github.com/indutny/hash.js
我更喜欢使用 shajs 而不是 hash,因为我认为sha是目前最好的哈希函数,而且现在你不需要其他的哈希函数。所以要获取一些十六进制哈希值,你应该像下面这样做:
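// `sha256` is never defined on this page; with `var shajs = require('sha.js')`
// the hash object is obtained by calling shajs with the algorithm name.
shajs('sha256').update('hello').digest('hex');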
使用PBKDF2在NodeJs中进行密码哈希
const pbkdf2 = require("pbkdf2");
const crypto = require("crypto");
// UserSchema
//...
// Method to create pbkdf2 hash from plain text
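/**
 * Hashes a plain-text password with PBKDF2-HMAC-SHA512 and a fresh random salt.
 *
 * The stored value is "<salt hex>#<hash hex>#<iterations>". Recording the
 * iteration count lets it be raised later without invalidating older hashes.
 *
 * @param {string} plainTextPassword - Password supplied by the user.
 * @returns {Promise<string>} Value to store in `password_hash`.
 */
UserSchema.methods.createHash = async function (plainTextPassword) {
  // 10 iterations gives almost no resistance to offline guessing. 210,000
  // follows OWASP's Password Storage guidance for PBKDF2-HMAC-SHA512; tune it
  // to your hardware and raise it over time.
  const iterations = 210000;

  // 16 random bytes per user, so equal passwords do not yield equal hashes.
  const salt = crypto.randomBytes(16).toString("hex");
  const hashedPassword = pbkdf2
    .pbkdf2Sync(plainTextPassword, salt, iterations, 32, "sha512")
    .toString("hex");

  return [salt, hashedPassword, iterations].join("#");
};

/**
 * Checks a candidate password against the stored PBKDF2 hash.
 *
 * Accepts both the current "<salt>#<hash>#<iterations>" format and the legacy
 * two-field "<salt>#<hash>" format, which was always computed with 10
 * iterations. Legacy records stay weak until they are re-hashed, e.g. by
 * calling createHash again after a successful login.
 *
 * @param {string} candidatePassword - Password entered at login.
 * @returns {Promise<boolean>} true when the password matches, false otherwise
 *   (including when the stored value is missing or malformed).
 */
UserSchema.methods.validatePassword = async function (candidatePassword) {
  if (typeof this.password_hash !== "string") {
    return false;
  }
  const [salt, storedHash, storedIterations] = this.password_hash.split("#");
  if (storedHash === undefined) {
    return false;
  }

  // Two-field records predate the stored iteration count.
  const iterations = storedIterations === undefined ? 10 : Number(storedIterations);
  if (!Number.isSafeInteger(iterations) || iterations < 1) {
    return false;
  }

  const hash = pbkdf2
    .pbkdf2Sync(candidatePassword, salt, iterations, 32, "sha512")
    .toString("hex");

  const expected = Buffer.from(storedHash, "utf8");
  const actual = Buffer.from(hash, "utf8");
  // timingSafeEqual throws on unequal lengths; the constant-time compare
  // avoids leaking how many leading characters of the hash matched.
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
};

module.exports.User = mongoose.model("User", UserSchema);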
使用Argon2在NodeJs中进行密码哈希处理
const argon2 = require("argon2");
// UserSchema
...
// Method to generate Hash from plain text using argon2
/**
 * Hashes a plain-text password with the argon2 package.
 *
 * The package returns an encoded hash string that embeds the salt and the
 * parameters, so nothing else needs to be stored next to it.
 *
 * @param {string} plainTextPassword - Password supplied by the user.
 * @returns {Promise<string>} Encoded hash to store in `password_hash`.
 */
UserSchema.methods.createHash = async function (plainTextPassword) {
  const encodedHash = await argon2.hash(plainTextPassword);
  return encodedHash;
};

/**
 * Checks a candidate password against the stored argon2 hash.
 *
 * @param {string} candidatePassword - Password entered at login.
 * @returns {Promise<boolean>} Result of argon2.verify for the stored hash.
 */
UserSchema.methods.validatePassword = async function (candidatePassword) {
  const storedHash = this.password_hash;
  const isMatch = await argon2.verify(storedHash, candidatePassword);
  return isMatch;
};

module.exports.User = mongoose.model("User", UserSchema);
本文可以帮助您设置并执行演示项目。 https://mojoauth.com/blog/hashing-passwords-in-nodejs/