Comments (9)
The desired salting functionality typically is done on/to the input before the hashing function is called. For a little background, see https://crackstation.net/hashing-security.htm
Just to nitpick terminology here, you're not encrypting when you use a hashing function, you're hashing. Encrypting means you can reverse the process to get your plaintext out which (hopefully) you cannot do with a hashing function.
from jssha.
You know what's funny? I read this question (http://stackoverflow.com/questions/9399400/what-does-update-method-of-messagedigest-do-and-what-is-base64encoder-meant-for) on Stack Overflow before I posted this issue. Point 1 of Answer 1 he says the same thing, that hashing != encryption, and I thought, "yeah yeah, I know this, reading on".
Still put encryption, must be a bad habit. Also, that's a good link, I've had it bookmarked myself for a few months.
Or I suppose the better question is how do I update the hash like MessageDigest does or hash_update in PHP? Full disclosure, I only understand hash updating enough to use it.
from jssha.
Or can this just not be done in JavaScript?
from jssha.
Salting can be achieved regardless of algorithm or language, you just have to mangle your input. If you wanted to salt the password "1234" with the salt "abcd" you could just hash the string "1234abcd." Take a look at the "The Basics: Hashing with Salt" section in the link I previously posted.
from jssha.
Sorry for being unspecific; I was referring to the rounds of hashing. It turns out I was right, it capped out the memory of my browser around 1835:
var shaObj = new jsSHA("Password" + salt, "TEXT");
var hash = shaObj.getHash("SHA-512", "B64");
for (var i = 0; i < 1835; i++) {
shaObj = new jsSHA(hash, "B64");
hash = shaObj.getHash("SHA-512", "B64");
}
from jssha.
I'm actually a little surprised it run out of memory unless the browser's garbage collector isn't kicking in.
from jssha.
Instantiating a new object in every loop is probably the most taxing part of the algorithm. At first, I believed it was the scope of the for loop, and I can create two for loops of 1000 rounds each, so 2000 is better than the 1835 I got before, but then it topped out again.
If you put this into the object internally, would it be able to perform more rounds of hashing (almost said encryption again... it just rolls off the tongue)?
from jssha.
This has actually turned into #7 which I've been putting off due to lack of free time. My schedule is freeing up next week so I'll put some thought to it.
My fear is that I'm going to have to make several semi-significant changes because I modify things in place.
from jssha.
Closing this as it's a dupe of #7
from jssha.
Related Issues (20)
- Method chaining when using `update` HOT 7
- Typescript build error HOT 2
- Types are packaged/exposed incorrectly HOT 2
- Feature request: HKDF would be nice HOT 1
- Feature Request: KangarooTwelve and MarsupilamiFourteen HOT 6
- ESM package for jssha HOT 1
- How to generate the SHA3-256 hash? HOT 1
- Encrypt sha256 in c# and make it the same key HOT 4
- 43106983S HOT 1
- setHMACKey with B64 HOT 4
- Error when i create jsSHA object HOT 24
- Performance HOT 12
- Package exports do not define a valid '.' target HOT 6
- Recreate internal state HOT 6
- SCRIPT:1002 Syntax Error HOT 3
- Question : How to reset / clear for another hash? HOT 2
- Installing this package via a <script> tag HOT 2
- Deno support documentation
- Reading custom amount of bytes with SHAKE HOT 2
- Incorrect project website in README.md HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jssha.