node.js hash string?
Solution 1
Take a look at crypto.createHash(algorithm)
var filename = process.argv[2];
var crypto = require('crypto');
var fs = require('fs');
var md5sum = crypto.createHash('md5');
var s = fs.ReadStream(filename);
s.on('data', function(d) {
md5sum.update(d);
});
s.on('end', function() {
var d = md5sum.digest('hex');
console.log(d + ' ' + filename);
});
Solution 2
If you just want to md5 hash a simple string I found this works for me.
var crypto = require('crypto');
var name = 'braitsch';
var hash = crypto.createHash('md5').update(name).digest('hex');
console.log(hash); // 9b74c9897bac770ffc029102a200c5de
Solution 3
Node's crypto module API is still unstable.
As of version 4.0.0, the native Crypto module is not unstable anymore. From the official documentation:
Crypto
Stability: 2 - Stable
The API has proven satisfactory. Compatibility with the npm ecosystem is a high priority, and will not be broken unless absolutely necessary.
So, it should be considered safe to use the native implementation, without external dependencies.
For reference, the modules mentioned bellow were suggested as alternative solutions when the Crypto module was still unstable.
You could also use one of the modules sha1 or md5 which both do the job.
$ npm install sha1
and then
var sha1 = require('sha1');
var hash = sha1("my message");
console.log(hash); // 104ab42f1193c336aa2cf08a2c946d5c6fd0fcdb
or
$ npm install md5
and then
var md5 = require('md5');
var hash = md5("my message");
console.log(hash); // 8ba6c19dc1def5702ff5acbf2aeea5aa
(MD5 is insecure but often used by services like Gravatar.)
The API of these modules won't change!
Solution 4
sha256("string or binary");
I experienced issue with other answer. I advice you to set encoding argument to binary
to use the byte string and prevent different hash between Javascript (NodeJS) and other langage/service like Python, PHP, Github...
If you don't use this code, you can get a different hash between NodeJS and Python...
How to get the same hash that Python, PHP, Perl, Github (and prevent an issue) :
NodeJS is hashing the UTF-8 representation of the string. Other languages (like Python, PHP or PERL...) are hashing the byte string.
We can add binary argument to use the byte string.
Code :
const crypto = require("crypto");
function sha256(data) {
return crypto.createHash("sha256").update(data, "binary").digest("base64");
// ------ binary: hash the byte string
}
sha256("string or binary");
Documentation:
- crypto.createHash(algorithm[, options]): The algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform.
- hash.digest([encoding]): The encoding can be 'hex', 'latin1' or 'base64'. (base 64 is less longer).
You can get the issue with : sha256("\xac"), "\xd1", "\xb9", "\xe2", "\xbb", "\x93", etc...
Other languages (like PHP, Python, Perl...) and my solution with
.update(data, "binary")
:sha1("\xac") //39527c59247a39d18ad48b9947ea738396a3bc47
Nodejs by default (without binary) :
sha1("\xac") //f50eb35d94f1d75480496e54f4b4a472a9148752
Solution 5
Simple One Liners:
If you want UTF8 text hash:
const hash = require('crypto').createHash('sha256').update('Hash me', 'utf8').digest('hex');
If you want to get the same hash with Python, PHP, Perl, Github:
const hash = require('crypto').createHash('sha256').update('Hash me', 'binary').digest('hex');
You can also replace 'sha256'
with 'sha1'
, 'md5'
, 'sha256'
, 'sha512'
Harry
Updated on July 08, 2022Comments
-
Harry almost 2 years
I have a string that I want to hash. What's the easiest way to generate the hash in node.js?
The hash is for versioning, not security.
-
balupton almost 12 yearsWoot woot, if you do
require('crypto').createHash('md5').update(STRING_TO_BE_HASHED).digest("hex")
you got a one-liner. Cheers mate! -
Valjas about 11 yearsI think it's much easier and efficient to utilize Crypto rather than bringing in a whole new module.
-
pvorb about 11 yearsFrom the current Node.js docs: "Stability: 2 - Unstable; API changes are being discussed for future versions. Breaking changes will be minimized." The API of my module won't change. When I initially wrote the module, there was no
crypto
module built into the platform. Another advantage is that you can use my module on the server as well as the client side. But it is totally up to you, what library you use. -
Max about 11 yearsWas getting some issues using
.update
multiple times (github.com/joyent/node/issues/749) when trying to usetimbooo
's solution, using the one-liner fixed it (because the hash object is recreated every time). -
GJK almost 11 yearsThe build in Crypto hashes kept giving me the 'hash update failed' BS. Finally I moved to the MD5 module and it worked just fine. Also easier to call (slightly). Thank you.
-
Geek Stocks over 10 years+1 for an option that stays away from the (2) - Unstable nature of the Crypto API!
-
Bartvds over 10 yearsI've fixed a weird sha1 problem on node 0.11.x on my Windows machine by swapping the standard crypto use for this module.
-
Robert Levy about 10 yearsit's marked as stable now, should probably delete this answer
-
pvorb about 10 years@RobertLevy Where's that info from? The official docs still say it's unstable
-
Jake Cobb almost 10 yearsIn the v0.6.18 docs linked in @timbooo's answer, it's marked as Stable (3). The current (v0.10.29) docs show Unstable (2).
-
pvorb almost 10 years@JakeCobb Yes. I added that reason after writing the initial answer.
-
Con Antonakos about 9 yearsThe
require('MD5')
module declares it being insecure. Can we still have confidence in using it? -
pvorb about 9 yearsDo you mean the statement "Warning: MD5 is an insecure hashing algorithm. Don't use it unless you know what you are doing!" in the project README? This is about MD5 being an insecure hashing algorithm (see the security section of the Wikipedia article for MD5). The library is compliant to the standard though and very stable.
-
pvorb about 9 yearsI removed that statement since it is misleading about the quality of the software.
-
DucRP almost 9 yearsWhat is the s.on() function doing? Is it registering the md5sum.update(d) function to execute every time there is data being read from the ReadStream?
-
Mikel almost 9 yearsAny way to change the length of the string? Not only 32 characters, 64 or 128 or a different number.
-
Frank Nocke over 8 years@YoniDor Did you try fs.readsync? — Digesting in a classic while-loop, then be sure that it's done... ➝ stackoverflow.com/a/21219407/444255
-
Ties almost 8 years@Mikel try if there are other hash algorithms that suit your needs, md5 is always 32 characters.
-
vitor_gaudencio_oliveira almost 8 years"MD5" is deprecated, you have to use "md5" (lowercase) instead. Example:
$ npm install md5
-
pvorb almost 8 years@vitor_gaudencio_oliveira Thanks for the note. I updated the answer.
-
balupton over 7 yearsWhat do the
RSA-
prefixes do? -
blimpse over 6 yearsOP wants to hash a string, not a file.
-
Michael over 5 yearsIf I have lots of strings to hash, it is less efficient to keep calling crypto.createHash instead of somehow re-using the result?
-
Gabriel Augusto almost 3 yearsHi ! How can I make the opposite? Given a certain hash and a certain string, check if the string is equal the hash
-
RedGuy11 almost 3 yearsisnt md5 deprecated and insecure?
-
Maf almost 3 yearsThanks for editing @marc_s. Feel free to do so.
-
KyleFarris over 2 years@RedGuy11 It's not deprecated at all. It IS very insecure for hashing passwords but there are many other use cases for hashing other than passwords. For example, creating MD5 checksums for files.
-
Curcuma_ over 2 years@balupton one liners come with a huge cost
-
Bruno Peixoto about 2 yearsHow do I convert back the hash to the string? :(