🔒Password Hashing Aidan Omwando

Aidan98 edited this page Apr 6, 2022 · 5 revisions

Password hashing

I chose password hashing because our app requires a login and register system in order to work correctly and securely. Password hashing helps keep the passwords of individual users safe.

What is password hashing

Hashing on its own is a one-way function that scrambles data. It takes plain text (like a password or other classified data) and turns it into a completely different string of characters with a specific length; no matter the length of the password, the hash will always have the same character length.

Argon2

I chose Argon2 because Bcrypt had a build error and Bcrypt.js had a build that was failing. As a result, my lecturer advised me to look for an alternative, and the module that resembles Bcrypt the most is Argon2. Like Bcrypt, Argon2 uses a "salt", which adds a few random characters, that are unknown, to your password; the result is then run through a hashing function.

Code examples

Here I hash the password with a hashLength of 10 characters. NOTE: The salt is automatically applied.

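const argon2 = require('argon2');

// await is only valid inside an async function in a CommonJS module
async function hashPassword() {
  try {
    // argon2.hash() generates a random salt and returns one encoded string
    const hash = await argon2.hash("password", {hashLength: 10});
    return hash;
  } catch (err) {
    //...
  }
}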

To verify a password against a hash that is stored in a database or array:

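async function checkPassword() {
  try {
    // argon2.verify(storedHash, plainPassword): the stored hash comes first
    if (await argon2.verify("<big long hash>", "password")) {
      // password match
      return true;
    } else {
      // password did not match
      return false;
    }
  } catch (err) {
    // internal failure: fail closed
    return false;
  }
}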
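Added example (not part of the original page or of the argon2 module's code): `argon2.hash()` returns one encoded string holding the variant, cost parameters, salt and hash, which is why `argon2.verify()` needs only that string and the candidate password. The sketch below parses a constructed sample of such a string and flags values under assumed policy floors; `SAMPLE`, `POLICY`, `parseArgon2` and `audit` are hypothetical names, and the floors and the argon2id expectation are assumptions.

```javascript
// SAMPLE is constructed for illustration; it is not the hash of any real password.
// Its last field decodes to 10 bytes, the tag size requested by hashLength: 10.
const SAMPLE =
  '$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHRzb21lc2FsdA$MDEyMzQ1Njc4OQ';

// Assumed policy floors (hypothetical values; set them to your own requirements).
const POLICY = { minTagBytes: 16, minSaltBytes: 16, minMemoryKiB: 19456 };

// Split "$variant$v=N$m=..,t=..,p=..$salt$tag" into typed fields.
// Encodings without the v= field are rejected to keep the parser small.
function parseArgon2(encoded) {
  const parts = String(encoded).split('$');
  if (parts.length !== 6 || parts[0] !== '') throw new Error('not an encoded Argon2 hash');
  const [, variant, version, paramStr, saltB64, tagB64] = parts;
  if (!/^argon2(id|i|d)$/.test(variant)) throw new Error('unknown variant: ' + variant);
  if (!/^v=\d+$/.test(version)) throw new Error('missing version field');
  const params = {};
  for (const pair of paramStr.split(',')) {
    const m = /^([mtp])=(\d+)$/.exec(pair);
    if (!m) throw new Error('bad parameter: ' + pair);
    params[m[1]] = Number(m[2]);
  }
  if (!('m' in params && 't' in params && 'p' in params)) throw new Error('missing m, t or p');
  return {
    variant,
    version: Number(version.slice(2)),
    memoryKiB: params.m,
    timeCost: params.t,
    parallelism: params.p,
    // Salt and tag are unpadded base64; Buffer decodes them without the '='.
    saltBytes: Buffer.from(saltB64, 'base64').length,
    tagBytes: Buffer.from(tagB64, 'base64').length,
  };
}

// Return a list of findings; an empty list means the hash meets the policy.
function audit(encoded, policy = POLICY) {
  const h = parseArgon2(encoded);
  const findings = [];
  if (h.variant !== 'argon2id') findings.push(`variant is ${h.variant}, expected argon2id`);
  if (h.tagBytes < policy.minTagBytes) findings.push(`tag is ${h.tagBytes} bytes, floor is ${policy.minTagBytes}`);
  if (h.saltBytes < policy.minSaltBytes) findings.push(`salt is ${h.saltBytes} bytes, floor is ${policy.minSaltBytes}`);
  if (h.memoryKiB < policy.minMemoryKiB) findings.push(`memory is ${h.memoryKiB} KiB, floor is ${policy.minMemoryKiB}`);
  return findings;
}

console.log(parseArgon2(SAMPLE), audit(SAMPLE));
```

Running `audit()` over the hash column of a user table shows which accounts were hashed with settings below the floors and should be rehashed at their next successful login.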
