1
I am taking a course of Node.js and in this the tutor uses md5 to encrypt the password.. more read in some articles that md5 ñ is very safe.. which is the most recommended to use with Node.js?
Thank you!
1 answer
5
A good package for this type of action is the bcrypt, that generates passwords using salt.
The operation is simple. I will demonstrate using the following synchronous versions.
const bcrypt = require('bcryptjs');
const password = '123';
const salt = bcrypt.genSaltSync(10);
const hash = bcrypt.hashSync(password, salt);
// Guarde o `hash` na sua base de dados...
To check (compare) the hashes, use:
// Assumindo que `db_password` seja o hash encriptado no exemplo anterior:
const db_password = db.password; // Imagine que veio da base de dados.
bcrypt.compareSync('123', db_password); // Irá retornar true.
bcrypt.compareSync('456', db_password); // Irá retornar false.
To learn more and better understand how it works, I suggest you take a look at the Github repository README:
-
1
+1 to use
bcryptandsalt. I’ve usedbcryptnot only to encrypt the password, but all the sensitive user information (name, phone, etc.) and messages exchanged via chat. -
1
On the above comment, bcrypt should not be used to encrypt name, let alone phone chat messages. It is a one-way HASHING, IE, the only way to find the encrypted value is to "kick" the input value, as well as the password. Other than that, it is a costly algorithm compared to encryption algorithms.
Browser other questions tagged node.js cryptography passwords
You are not signed in. Login or sign up in order to post.
I believe that language does not interfere with the encryption to be used, at a glance in that question
– Costamilam