Select HASH Code SHA256 Nodejs

Question

Select HASH Code SHA256 Nodejs

Asked 4 years, 11 months ago

Viewed 327 times

0

How do I select the code for HASH in Nodejs?

I have a system made in another language with passwords encrypted with SHA256

The encryption function there is so:

#define HASH_CODE = 'WEASDSAEWEWAEAWEAWEWA';
SHA256_PassHash(HASH_CODE, password, 64);

The hash was here (for password 123): 8A8E0E514F3A1F3D160C58C99BC66C81A10256E6A3462002A53ADACAD6C43EAB

First parameter is the HASH code, the second is the value to be encrypted and the third is Base64

I was able to encrypt in Nodejs, but I don’t have control of the HASH code, so the systems don’t create the same HASH, as I do to select the HASH code when registering in Nodejs so that it can communicate with this other system?

const code = 'WEASDSAEWEWAEAWEAWEWA';
const normal = 'anne';
const crypto = require('crypto');
const encryptado = crypto
    .createHash('sha256')
    .update(normal)
    .digest('base64');
console.log(encryptado);

The hash was here (for password 123): 8A8E0E514F3A1F3D160C58C99BC66C81A10256E6A3462002A53ADACAD6C43EAB

An example of compatible code: login.php

<?php require_once('../mysql_conn.php'); ?> 
    <?php
    session_start();
    $HASH_SENHA = 'WEASDSAEWEWAEAWEAWEWA';

    if(isset($_SESSION['Username']))
    {
        header("location: ../myaccount.php");
        exit();
    } 
    if(isset($_POST['usr']) && isset($_POST['psw']) && isset($_POST['botao'])) 
    { 
        $usuario = mysqli_real_escape_string($MYSQL_CONNECT, $_POST['usr']);  
        $senha = strtoupper(hash("sha256", $_POST['psw'] . $HASH_SENHA));  
        $query = mysqli_query($MYSQL_CONNECT, "SELECT * FROM accounts WHERE Username='$usuario' AND Senha='$senha' LIMIT 1");  

        if(mysqli_num_rows($query) < 1)  
        {
            echo "<script type=\"text/javascript\">
                        alert('Incorrect Username or Password.');
                        window.location = '../login.php';
                  </script>";
            exit();
        }
        else 
        {
            //login efetuado 
            $dados = mysqli_fetch_assoc($query);  


            if (isset($_SESSION['loc'])) {
                header("location:".$_SESSION['loc']);
            }
            else header("location:../index.php");

        }  
    }
    ?>

According to your question there is no problem (ignoring the obvious security problems), but in both the result of the hash is equal, according to you. The two cases generate 8A8E0E514F3A1F3D160C58C99BC66C81A10256E6A3462002A53ADACAD6C43EAB.

– Inkeliz

2019/07/10 at 11:04
If your question is wrong, and Nodejs generates a different code, you have to concanete the code, as .update(normal + code).

– Inkeliz

2019/07/10 at 11:06

1 answer

Browser other questions tagged node.js sha-256

You are not signed in. Login or sign up in order to post.

by Gleidson Henrique • **442** points · Answer 1 · 2019-07-10T08:00:04+00:00

You may never be able to generate the same hash, as it is a different form of encryption. The question is to compare the hashes to see if they both deal with the same encrypted information. This type of encryption is different, for example, from MD5 that generates the same hash every time.

Another tip, instead of using bcrypt, use bcryptjs, for being faster and avoiding some problems. (I had trouble using them in lambda aws functions). I saw that you use another one still, if everything is ok with it, no problem. (but probably the code will change a little)

user-update.js

const bcrypt = require('bcryptjs')

// se receber a senha para atualização, atualize a mesma
if (user.password) user.password = bcrypt.hashSync(user.password, 10)

auth.js

const bcrypt = require('bcryptjs')
const jwt = require('jsonwebtoken')

if (userFromDB) {
    const { id } = userFromDB

    if (bcrypt.compareSync(password, userFromDB.password)) {
      const token = jwt.sign({ id }, 'your-secret')

      return response200({ token })
    }
  }

The code is not completely complete, because as I use lambda functions, and maybe you don’t, I just put the snippet to understand the functioning of bcryptjs.

Also, I use JWT for authentication. If you still don’t know how to do this, take a look at this tool because it is very interesting, maybe it helps you too.

If you still have any further questions, do not hesitate to ask.