Once you are in the browser, you can use PBKDF2. Dr.Helsing’s reply is completely useless for the purpose of "protecting the password".
PBKDF2 is supported by Webcrypto in any modern browser.
In general it would be something like:
// Essa informação é a senha, que deve vim de um `<input>` por exemplo:
let password = new TextEncoder().encode("password");
// Essa informação deve vim do banco de dados (ou derivado de outra entrada constante, que não seja a própria senha), isto deve ser única por usuário/senha:
let salt = new Uint8Array([1,2,3,4,5,6,7,8,9,10]).buffer;
// Essa informação é a dificuldade da derivação:
let iterations = 500000;
let algo = "SHA-512";
key = await window.crypto.subtle.importKey(
"raw",
password,
"PBKDF2",
false,
["deriveBits", "deriveKey"]
);
pbkdf2 = await window.crypto.subtle.deriveKey(
{"name":"PBKDF2", "salt": salt, "iterations": iterations, "hash": algo},
key,
{"name": "AES-CBC", "length": 256}, // Isso aqui é confusão do WebCrypto. Isso daqui é só para definir o tamanho final para 32bytes!
true,
["encrypt", "decrypt"],
);
// Aqui você tem o resultado, a senha derivada:
result = await window.crypto.subtle.exportKey(
"raw",
pbkdf2,
);
This way, your server will only have access to the derivation result, but will never have access to the clear-text password. This seems to be what you search for.
However, as mentioned in the comments, you should still derive back into your server. So basically the final build would be:
- User type "[email protected]"
- A) The algorithm uses e-mail (or a
HASH(seuemail)
) as salt
.
B) The server responds to salt
based on the email typed (query the database.
- User derives password using PBKDF2 (above code).
- The user sends the derived password (the
result
) to the server.
- The server performs a new shunt (for example,
Argon2(senha_do_passo_4)
).
- The server checks the generated password in step 5 against the information it has on the server.
There are some details you should take into consideration:
- You should not store the result (the
result
or the pre-image of the second derivation) as plain text in a database (or any other media).
- You should not reuse salt for multiple users.
- You MUST use TLS/SSL in communication (this is up to a requirement for Webcrypto in some browsers).
Some things that might catch your attention, like "sending salt to the user".
This is not a problem. You should consider that the only way to know if the password is correct is by ordering the server (there is no way to do this offline. As a consequence, make a PBKDF2(senha, salt)
or of senha
is at least equal (where PBKDF2 has a higher computational cost) and measures against exhaustive search are equally applied to both cases. That is, reveal the salt
from the email does not imply any problem other than using the "traditional login method".
You can also encrypt your password using AES/Salsa20/Chacha20, some services have recently started doing this (such as Facebook, Tiktok and I think that and Youtube too). Facebook uses Libsodium, which uses Salsa20.
I’m not sure yet why they do this, assuming they already use TLS/SSL, but.... they do. You can also do this, but keep in mind that you should derive/hash the password again on the server side, anyway.
http://stunnix.com/prod/jo/ Have a look at this site
– DbaAlone
http://www.javascriptobfuscator.com/
– DbaAlone
Are you sure you need this? Traffic is no longer encrypted? You want something we don’t know?
– Maniero
These things should be put on the server and not on the client...
– Maury Developer
Speaks @Maniero all too well ? I understand, but is it correct to leave the password saved in the bank without any encryption ? I am trying to encrypt the password for comparison in Webservice with the password that is saved in the bank, thus making the user validation.
– Gabriel Silva
Encrypt there, and in the right way. Who’s to say that the password will be encrypted the way you expect it to be? https://answall.com/q/2402/101. You are making the same mistake: https://answall.com/q/13298/101
– Maniero
Thanks, I managed to clear up more ideas
– Gabriel Silva