Rounds of hashing? about jssha HOT 9 CLOSED

The desired salting functionality typically is done on/to the input before the hashing function is called. For a little background, see https://crackstation.net/hashing-security.htm

Just to nitpick terminology here, you're not encrypting when you use a hashing function, you're hashing. Encrypting means you can reverse the process to get your plaintext out which (hopefully) you cannot do with a hashing function.

from jssha.

You know what's funny? I read this question (http://stackoverflow.com/questions/9399400/what-does-update-method-of-messagedigest-do-and-what-is-base64encoder-meant-for) on Stack Overflow before I posted this issue. Point 1 of Answer 1 he says the same thing, that hashing != encryption, and I thought, "yeah yeah, I know this, reading on".

Still put encryption, must be a bad habit. Also, that's a good link, I've had it bookmarked myself for a few months.

Or I suppose the better question is how do I update the hash like MessageDigest does or hash_update in PHP? Full disclosure, I only understand hash updating enough to use it.

from jssha.

Or can this just not be done in JavaScript?

from jssha.

Salting can be achieved regardless of algorithm or language, you just have to mangle your input. If you wanted to salt the password "1234" with the salt "abcd" you could just hash the string "1234abcd." Take a look at the "The Basics: Hashing with Salt" section in the link I previously posted.

from jssha.

Sorry for being unspecific; I was referring to the rounds of hashing. It turns out I was right, it capped out the memory of my browser around 1835:

var shaObj = new jsSHA("Password" + salt, "TEXT");
var hash = shaObj.getHash("SHA-512", "B64");

for (var i = 0; i < 1835; i++) {
    shaObj = new jsSHA(hash, "B64");
    hash = shaObj.getHash("SHA-512", "B64");
}

from jssha.

I'm actually a little surprised it run out of memory unless the browser's garbage collector isn't kicking in.

from jssha.

Instantiating a new object in every loop is probably the most taxing part of the algorithm. At first, I believed it was the scope of the for loop, and I can create two for loops of 1000 rounds each, so 2000 is better than the 1835 I got before, but then it topped out again.

If you put this into the object internally, would it be able to perform more rounds of hashing (almost said encryption again... it just rolls off the tongue)?

from jssha.

This has actually turned into #7 which I've been putting off due to lack of free time. My schedule is freeing up next week so I'll put some thought to it.

My fear is that I'm going to have to make several semi-significant changes because I modify things in place.

from jssha.

Closing this as it's a dupe of #7

from jssha.