ThatsLiamS/NonExamAssessment-OCR

Password Hashing

Closed this issue · 2 comments

To protect user data, passwords should be hashed (and salted) instead of being stored in cleartext.

Example solution

  • Create a hash.js file in src/util/
  • Call the hash file from both log_in and sign_up (in src/logIn.js)

A query will also be needed to format all current passwords stored in the database to the hash algorithm in hash.js.

From research, the package crypto seems to be a good solution.
Documentation: https://nodejs.org/api/crypto.html#class-hash

Example

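// Node's built-in crypto module
const crypto = require('crypto');
// Hash object using the MD5 algorithm
const hash = crypto.createHash('md5');

// Hex digest of the password string
const password = hash.update('Password2022').digest('hex');
console.log(password);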
/* Password2022 => 666f0845b1e9461ef1e654555efdb137 */
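
The issue asks for passwords to be hashed and salted, while the snippet above produces an unsalted MD5 digest. As an added example (not part of the issue or the project's hash.js), here is a salted variant using the scrypt functions from the same crypto module, with constant-time verification and a one-off conversion of existing cleartext rows; the record format, the function names and the `username`/`password` column names are assumptions.

```javascript
const { randomBytes, scryptSync, timingSafeEqual } = require('crypto');

const KEY_LEN = 32; // derived-key length in bytes (value chosen for this example)

// Record format assumed here: scrypt$<salt hex>$<derived key hex>
function hashPassword(password) {
  const salt = randomBytes(16); // fresh random salt for every password
  const key = scryptSync(password, salt, KEY_LEN);
  return `scrypt$${salt.toString('hex')}$${key.toString('hex')}`;
}

// Re-derive the key with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  if (expected.length !== KEY_LEN) return false; // malformed record
  return timingSafeEqual(scryptSync(password, salt, KEY_LEN), expected);
}

// One-off conversion of rows that still hold cleartext passwords.
// Rows already in the scrypt$ format are left untouched, so it is safe to re-run.
function migrateRows(rows) {
  return rows.map((row) => (
    row.password.startsWith('scrypt$')
      ? row
      : { ...row, password: hashPassword(row.password) }
  ));
}

// Constructed sample rows (hypothetical column names).
const sampleRows = [
  { username: 'alice', password: 'Password2022' },
  { username: 'bob', password: 'Password2022' },
];
```

Because each record carries its own random salt, the two sample users end up with different stored values even though they chose the same password.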

Enhancement has been added

The crypto hash method has been implemented into the project, along with a set of unit tests (test/registration.js).

  • Implemented feature into login/signup: 48c0381
  • Created hash.js and tests: 1c25ea0