How to create random-salt-hash with crypto
41,057
A quick look at the documentation turns up the crypto.randomBytes
function.
var buf = crypto.randomBytes(16);
This returns a buffer containing raw bytes. If you want a string, you can use toString('base64')
or toString('hex')
.
Author by
dev.pus
Updated on June 27, 2020Comments
-
dev.pus almost 4 years
I want to create a salt-hash using node.js crypto lib without having to parse any hardcoded data.
What do I mean with hardcoded?
var salt, hardcodedString = "8397dhdjhjh"; crypto.createHmac('sha512', hardcodedString).update(salt).digest("base64");
Isn't there any other way how I can create a random string without using raw javascript, random functions or hardcoding something?
Regards
UPDATE
var Crypto = require('crypto') , mongoose = require('mongoose'); module.exports = mongoose.model('User', new mongoose.Schema({ username: { type: String , required: true , index: { unique: true, sparse: true } , set: toLower }, email: { type: String , required: true , index: { unique: true, sparse: true } , set: toLower }, salt: { type: String , set: generateSalt }, password: { type: String , set: encodePassword } }),'Users'); function toLower(string) { return string.toLowerCase(); } function generateSalt() { //return Math.round((new Date().valueOf() * Math.random())) + ''; Crypto.randomBytes('256', function(err, buf) { if (err) throw err; return buf; }); // return Crypto.randomBytes('256'); // fails to } function encodePassword(password) { return password; // TODO: setter has no access to this.salt //return Crypto.createHmac('sha512', salt).update(password).digest("base64"); } function authenticate(plainPassword) { return encodePassword(plainPassword) === this.password; }
-
CodesInChaos almost 12 yearsWhy are you quoting the number? And 256 bytes is a bit long for a salt, the 256 in my post is just quotes from the example.
-
dev.pus almost 12 yearsSry, changed to return Crypto.randomBytes(256);.. still no salt in the mongodb document. I will check if this is a mongoose problem
-
dev.pus almost 12 yearsOk, set isn't triggered automaticly only if there really is a value for the attribute. I changed set: generateSalt to default: generateSalt. This works now. However is there a way to encode your salt as hex or base64?
-
dak over 11 yearscrypto.randomBytes(128).toString('base64');