Learn Simpli

Good Hash Algorithms in Node.js

Introduction
Hash algorithms are used to protect passwords, card data, and other sensitive information.
The following are widely used:
  1. MD5
  2. SHA-256
  3. Argon2
  4. PBKDF2
  5. scrypt
  6. bcrypt
MD5:
  1. MD5 stands for Message-Digest algorithm 5
  2. Rainbow table problem exists
  3. Brute-forcing or reversing the output is not very difficult
  4. Let’s create a hash with md5
const crypto = require('crypto');
const password = "password";

// A hash is a one-way digest, not encryption: there is no key and no decrypt step
const hashedPassword = crypto.createHash('md5').update(password).digest("hex");
console.log(hashedPassword);
// Outputs the MD5 digest as a hex string
SHA-256:
  1. SHA-256 is more secure than MD5
  2. Has a low chance of collisions
  3. Brute-forcing or reversing the output is more difficult than with MD5
  4. Rainbow table problem exists
  5. Let’s create a hash with SHA-256
const crypto = require('crypto');
const password = "password";
// No salt is involved, so the same password always produces the same digest
const hashedPassword = crypto.createHash('sha256').update(password).digest('hex');
console.log(hashedPassword);
// Outputs the SHA-256 digest as a hex string
argon2:
  1. Argon2d maximizes resistance to GPU cracking attacks
  2. Argon2i is optimized to resist side-channel attacks
  3. Argon2d accesses the memory array in a password-dependent order, which reduces the possibility of a time-memory trade-off (TMTO)
  4. Let’s create a hash with argon2
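// Create a hash
const argon2 = require('argon2');
const getHash = async (password) => {
    try {
        // argon2.hash() generates a random salt and returns an encoded hash string
        const hashedPassword = await argon2.hash(password);
        console.log(hashedPassword);
    } catch (err) {
        // Report the failure instead of silently swallowing it
        console.error(err);
    }
}
const password = 'password';
getHash(password);
// Outputs the encoded Argon2 hash string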
PBKDF2:
  1. PBKDF2 is part of RSA Laboratories’ Public-Key Cryptography Standards (PKCS) series
  2. PBKDF2 applies a pseudorandom function
  3. Adds salt value
  4. Repeats the process many times to produce a derived key
  5. The derived key can then be used as a cryptographic key in subsequent operations
  6. The added computational work makes password cracking much more difficult, and is known as key stretching
  7. Syntax: DK = PBKDF2(PRF, Password, Salt, c, dkLen)
  8. PRF is a pseudorandom function of two parameters with output length hLen (e.g., a keyed HMAC)
  9. Password is the master password from which a derived key is generated
  10. Salt is a sequence of bits, known as a cryptographic salt
  11. c is the number of iterations desired
  12. dkLen is the desired bit-length of the derived key
  13. DK is the generated derived key
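const crypto = require('crypto');
const pbkdf2 = require('pbkdf2');
// Use a random per-password salt and a high iteration count (tune it for your hardware);
// a single iteration provides no key stretching
const salt = crypto.randomBytes(16);
const iterations = 210000;
// Arguments: password, salt, iterations (c), key length in bytes, digest used by the PRF
const derivedKey = pbkdf2.pbkdf2Sync('password', salt, iterations, 32, 'sha512');
const hashedPassword = derivedKey.toString('hex');
console.log(hashedPassword); // Outputs the derived key as a hex string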
scrypt:
  1. Scrypt is an advanced crypto library used mainly for key derivation
  2. It is designed to be costly both computationally and in memory
  3. Brute-force attacks are made unsuccessful
  4. Syntax: crypto.scrypt( password, salt, keylen, options, callback )
  5. Adds salt value
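const crypto = require('crypto');
// A random per-password salt; store it alongside the derived key
const salt = crypto.randomBytes(16);
// Arguments: password, salt, key length in bytes, callback (options omitted, defaults used)
crypto.scrypt('nodejs', salt, 32, (err, derivedKey) => {
    if (err) throw err;
    const hashedPassword = derivedKey.toString('hex');
    console.log(hashedPassword);
});
// Outputs the derived key as a hex string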
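The MD5 and SHA-256 sections note the rainbow table problem, and the scrypt section notes that a salt is added. The following added example (not code from the original tutorial) shows a random per-password salt with Node's built-in crypto.scryptSync, a verification step using a constant-time comparison, and the contrast with an unsalted SHA-256 digest. The storage format, function names and work factors are assumptions chosen for illustration.

```javascript
// Added example (not from the original tutorial): salted scrypt hashing plus verification.
const crypto = require('crypto');

// Assumed work factors for illustration; tune N (CPU/memory cost), r and p for your hardware.
const PARAMS = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32; // derived key length in bytes

// Hypothetical storage format: scrypt$N$r$p$<salt hex>$<key hex>
function hashPassword(password) {
    const salt = crypto.randomBytes(16); // fresh random salt for every password
    const key = crypto.scryptSync(password, salt, KEY_LEN, PARAMS);
    return ['scrypt', PARAMS.N, PARAMS.r, PARAMS.p, salt.toString('hex'), key.toString('hex')].join('$');
}

function verifyPassword(password, stored) {
    const parts = stored.split('$');
    if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
    const [N, r, p] = parts.slice(1, 4).map(Number);
    const salt = Buffer.from(parts[4], 'hex');
    const expected = Buffer.from(parts[5], 'hex');
    if (![N, r, p].every(Number.isInteger) || expected.length === 0) return false;
    let actual;
    try {
        // Re-derive the key with the salt and parameters recorded at hashing time.
        actual = crypto.scryptSync(password, salt, expected.length, { N, r, p });
    } catch (err) {
        return false; // malformed or unsupported parameters in the stored record
    }
    // Constant-time comparison avoids leaking how many leading bytes matched.
    return crypto.timingSafeEqual(actual, expected);
}

// Unsalted digest, as in the MD5 and SHA-256 sections: same input, same output every time.
function unsaltedSha256(password) {
    return crypto.createHash('sha256').update(password).digest('hex');
}

const first = hashPassword('password');
const second = hashPassword('password');
console.log(unsaltedSha256('password') === unsaltedSha256('password')); // true
console.log(first === second); // false
console.log(verifyPassword('password', first), verifyPassword('Password', first));
```

Because the two stored records for the same password differ, a table of precomputed digests cannot be reused across users, which is the property the unsalted MD5 and SHA-256 examples lack.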
bcrypt:
  1. Adds salt value
  2. Brute-force attacks are made unsuccessful
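const bcrypt = require('bcrypt');
// Cost factor: each increment doubles the work, so 20 is very slow to compute
const saltRounds = 20;
const password = 'password';
bcrypt.genSalt(saltRounds, function (err, salt) {
    if (err) throw err;
    bcrypt.hash(password, salt, function (err, hash) {
        if (err) throw err;
        console.log(hash);
    });
});
// Outputs the bcrypt hash string, which embeds the salt and cost factor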