# node_hash - a super simple hashing library for node.js
## supports md5, sha1, sha256, sha512, ripemd160

<img border = "0" src = "https://github.com/Marak/node_hash/raw/master/logo.jpg"/>

## what is a hash?

a "hash algorithm" is a one-way mathematical equation that takes in an arbitrary length input and produces a fixed length output string. the output of this algorithm is called a "hash value" and is a unique and extremely compact numerical representation of the original input.

## why bother hashing?

there are many reasons for hashing and many detailed explanations on the web. i'll illustrate one very simple example and why I am currently using this library.

imagine you had a database that stored user accounts with passwords. anyone who got access to your database would have access to the passwords of all your users. many people utilize the same password across many services, so their entire online identity could be compromised.

even if you have your database fully protected from outside intruders, you can still be at risk. imagine you were running a development shop and required a minor schema change for your users table. this task could be delegated to a junior developer or contractor, but since your passwords are stored in plain text you've just given the passwords of your entire user base to a low-level employee.

## how would hashing help this problem?

instead of storing your user's password as plaintext, you could perform a hash on the password before storing it in your database.

now, instead of seeing a human readable format, you will see an obfuscated string representing the hash of your password.

every time you want to check if a value matches that hash (in this case, perhaps a login form handler), you can simply call the same hashing method on that value and compare it to the value in your database. if the hashes match, the passwords match.

you can also provide an optional "salt" that will further encrypt your password, making it even harder to reverse / crack. you should use a unique salt for every password and store that salt.

## usage

    var hash = require('./lib/hash');

    // a user's password, hash this please
    var user_password = "password";

    // don't expose your salt ( you should use a new salt for every password )
    var salt = "sUp3rS3CRiT$@lt";


    /****** md5 ******/
    var md5 = hash.md5(user_password);
    console.log(md5);

    var salted_md5 = hash.md5(user_password, salt);
    console.log(salted_md5);

    /****** sha1 ******/
    var sha1 = hash.sha1(user_password);
    console.log(sha1);

    var salted_sha1 = hash.sha1(user_password, salt);
    console.log(salted_sha1);

    /****** sha256 ******/
    var sha256 = hash.sha256(user_password);
    console.log(sha256);

    var salted_sha256 = hash.sha256(user_password, salt);
    console.log(salted_sha256);

    /****** sha512 ******/
    var sha512 = hash.sha512(user_password);
    console.log(sha512);

    var salted_sha512 = hash.sha512(user_password, salt);
    console.log(salted_sha512);

    /****** ripemd160 ******/
    var ripemd160 = hash.ripemd160(user_password);
    console.log(ripemd160);

    var salted_ripemd160 = hash.ripemd160(user_password, salt);
    console.log(salted_ripemd160);

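the usage snippet reuses one fixed salt string, while the text above recommends a unique salt for every password, stored next to the hash. the following is an added example, not part of node_hash or its README: it calls the built-in node.js crypto module directly, and the function names (`unsaltedSha256`, `createRecord`, `verify`) and the choice of scrypt as the hash are assumptions of this example.

```javascript
// added example (not node_hash code): per-user salts with node's built-in crypto
const crypto = require('crypto');

// unsalted fast hash, included only to show why a salt is needed:
// every user with the same password ends up with the same stored value
function unsaltedSha256(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// build the record to store for a new user: a fresh random salt plus the hash.
// scrypt (deliberately slow) is this example's choice of hash, an assumption
function createRecord(password) {
  const salt = crypto.randomBytes(16);                 // unique per password
  const hash = crypto.scryptSync(password, salt, 32);  // 32-byte derived hash
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// login check: re-derive with the stored salt, then compare in constant time
function verify(password, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.hash, 'hex');
  const actual = crypto.scryptSync(password, salt, expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// constructed sample data: two users who picked the same password
const alice = createRecord('password');
const bob = createRecord('password');

// without a salt the two stored values are identical
console.log(unsaltedSha256('password') === unsaltedSha256('password'));
// with per-user salts the stored hashes differ
console.log(alice.hash === bob.hash);
// the correct password verifies, a wrong one does not
console.log(verify('password', alice));
console.log(verify('passw0rd', alice));
```
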
## faq

**why not use the node.js <a href = "http://nodejs.org/docs/latest/api/crypto.html">crypto library</a> instead?**

*node_hash DOES use the built in node.js <a href = "http://nodejs.org/docs/latest/api/crypto.html">crypto</a> library, we are just wrapping it for easy use*

**why doesn't node_hash do X (binary, base64, streaming, etc)?**

*node_hash is meant as a very simple library for hashing text with optional salts in the most common encryption algorithms. if you need finer tuned control, you should be using the <a href = "http://nodejs.org/docs/latest/api/crypto.html">crypto</a> module directly*