How to create random-salt-hash with crypto


A quick look at the documentation turns up the crypto.randomBytes function.

// 16 random bytes (128 bits) from Node's cryptographic random source, as a Buffer.
const buf = crypto.randomBytes(16);

This returns a buffer containing raw bytes. If you want a string, you can use toString('base64') or toString('hex').

dev.pus
Author by

dev.pus

Updated on June 27, 2020

Comments

  • dev.pus
    dev.pus almost 4 years

    I want to create a salt-hash using the node.js crypto lib without having to pass in any hardcoded data.

    What do I mean by hardcoded?

    // `salt` is declared here but never assigned; only `hardcodedString` has a value.
    var salt, hardcodedString = "8397dhdjhjh";
    // The fixed string is the HMAC-SHA512 key and `salt` is the message, so the
    // result depends on a constant embedded in the source rather than on randomness.
    crypto.createHmac('sha512', hardcodedString).update(salt).digest("base64");
    

    Isn't there another way to create a random string without using raw JavaScript random functions or hardcoding something?

    Regards

    UPDATE

    var Crypto = require('crypto')
        , mongoose = require('mongoose');
    
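    // User model, persisted in the 'Users' collection.
    module.exports = mongoose.model('User', new mongoose.Schema({
        // username and email are lower-cased on assignment and must be unique.
        username: {
            type: String,
            required: true,
            index: { unique: true, sparse: true },
            set: toLower
        },
        email: {
            type: String,
            required: true,
            index: { unique: true, sparse: true },
            set: toLower
        },
        // `default`, not `set`: a setter only runs when a value is actually
        // assigned to the field, so with `set: generateSalt` the salt was never
        // written to the document. A default is evaluated for every new document.
        salt: {
            type: String,
            default: generateSalt
        },
        // Whatever encodePassword returns is what gets stored for this field.
        password: {
            type: String,
            set: encodePassword
        }
    }), 'Users');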
    
    /**
     * Schema setter that lower-cases a value before it is stored.
     *
     * @param {string} string - Value being assigned to the field.
     * @returns {string} The lower-cased value.
     */
    function toLower(string) {
        var lowered = string.toLowerCase();
        return lowered;
    }
    
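    /**
     * Generates a fresh random salt.
     *
     * Uses the synchronous form of Crypto.randomBytes: the previous version
     * returned the buffer from inside the async callback, so generateSalt()
     * itself always returned undefined.
     *
     * @returns {string} 32 hex characters encoding 16 random bytes.
     * @throws {Error} If the random source fails (propagated from randomBytes).
     */
    function generateSalt() {
        // The size must be a number (not the string '256'). 16 bytes (128 bits)
        // is plenty for a per-user salt; 256 bytes is longer than needed.
        var SALT_BYTES = 16;
        // Random bytes come from the crypto module rather than Math.random(),
        // and are hex-encoded so they fit the schema's String field.
        return Crypto.randomBytes(SALT_BYTES).toString('hex');
    }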
    
    /**
     * Schema setter for `password`. Currently a pass-through: the value is
     * returned unchanged, so the password is stored exactly as supplied.
     *
     * @param {string} password - Value being assigned to the field.
     * @returns {string} The same value, unmodified.
     */
    function encodePassword(password) {
        // TODO: setter has no access to this.salt, so the intended salted
        // HMAC-SHA512 (base64) digest is not computed here yet.
        // NOTE(review): until hashing is wired in, passwords are persisted in
        // cleartext. For password storage a deliberately slow KDF
        // (crypto.scrypt or crypto.pbkdf2) keyed with the per-user salt is the
        // usual choice over a single HMAC pass.
        var unchanged = password;
        return unchanged;
    }
    
    /**
     * Checks a candidate password against the stored one.
     *
     * Reads `this.password`, so it has to be invoked with a user document as
     * `this`. NOTE(review): nothing in this listing attaches it to the schema.
     *
     * @param {string} plainPassword - Password supplied at login.
     * @returns {boolean} True when the encoded candidate equals this.password.
     */
    function authenticate(plainPassword) {
        var candidate = encodePassword(plainPassword);
        // NOTE(review): `===` is not a constant-time comparison; once real
        // digests are stored, crypto.timingSafeEqual on equal-length buffers
        // avoids leaking how many leading characters matched.
        return candidate === this.password;
    }
    
  • CodesInChaos
    CodesInChaos almost 12 years
    Why are you quoting the number? And 256 bytes is a bit long for a salt; the 256 in my post is just quoted from the example.
  • dev.pus
    dev.pus almost 12 years
    Sry, changed to return Crypto.randomBytes(256);.. still no salt in the mongodb document. I will check if this is a mongoose problem
  • dev.pus
    dev.pus almost 12 years
    Ok, set isn't triggered automatically; it only runs if there really is a value for the attribute. I changed set: generateSalt to default: generateSalt. This works now. However, is there a way to encode the salt as hex or base64?
  • dak
    dak over 11 years
    crypto.randomBytes(128).toString('base64');