
📰 Topic | Password Hashing by Aidan

Naomi Cheung edited this page Mar 30, 2021 · 1 revision

Password hashing

I chose password hashing because our app requires a login and register system in order to work correctly and securely. Password hashing helps keep the passwords of individual users safe: if the database is ever leaked, the attacker gets hashes rather than the passwords themselves.

What is password hashing

Hashing on its own is a one-way function that scrambles data: it takes plain text (like a password or other sensitive data) and turns it into a completely different string of characters with a fixed length. No matter how long the password is, the hash always has the same length, and the same input always produces the same hash. There is no way to run the function backwards to recover the password; the only way back is to guess inputs, hash them, and compare.

Bcrypt

I chose bcrypt for hashing passwords because general-purpose hashes like SHA1 and MD5 are relatively weak for this job: they are designed to be fast, so an attacker with a leaked database can try billions of guesses per second (and MD5 and SHA1 are also cryptographically broken). bcrypt is deliberately slow, with a tunable cost factor, and it adds a 'salt': a few random bytes generated for each password and mixed into the hashing. The salt is not secret (it is stored alongside the hash, inside the bcrypt string), but because every user gets a different one, two users with the same password end up with different hashes, and an attacker cannot crack the whole database with one precomputed table.

Code Examples

Here I hash the password in plainTextPassword with a cost factor of 10. The 10 is not "10 rounds of salt": bcrypt generates one random salt internally and runs 2^10 = 1024 rounds of its key setup, which works out to roughly 10 hashes/sec on ordinary hardware. That slowness is the point, since it applies to the attacker's guesses too.

```js
const bcrypt = require('bcrypt');

// Cost factor 10; bcrypt picks a random salt and embeds salt and cost in the returned string ($2b$10$...).
const hashedPassword = await bcrypt.hash(plainTextPassword, 10);
```

Here I compare the password of the user who is trying to log in with the hash that is in the database. bcrypt.compare takes the plaintext from the login form and the stored hash, reads the salt and cost out of the stored hash, re-hashes the attempt the same way, and compares the two hashes. If they match the user logs in to the homepage, otherwise it displays a pop-up with "invalid username/password".

```js
const bcrypt = require('bcrypt');

// `password` is the plaintext from the login form, `user.password` the stored bcrypt hash.
if (await bcrypt.compare(password, user.password)) {
  // match: log the user in and redirect to the homepage
} else {
  // no match: show the "invalid username/password" pop-up
}
```

Sources