Password Hashing
Closed this issue · 2 comments
ThatsLiamS commented
To protect user data, passwords should be hashed (and salted) instead of being stored in cleartext.
Example solution
- Create a `hash.js` file in `src/util/`
- Call the hash file from both log_in and sign_up (in `src/logIn.js`)

A query will also be needed to format all current passwords stored in the database to the hash algorithm in `hash.js`.
ThatsLiamS commented
From research, the package `crypto` seems to be a good solution.
Documentation: https://nodejs.org/api/crypto.html#class-hash
Example
```javascript
const crypto = require('crypto');
const hash = crypto.createHash('md5');
const password = hash.update('Password2022').digest('hex');
console.log(password);
/* Password2022 => 666f0845b1e9461ef1e654555efdb137 */
```
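Added example, not part of the original thread or the project's code: the issue asks for salted hashes, and a bare `createHash` digest has no salt, so this sketch of a `hash.js` uses Node's built-in `crypto.scryptSync` with a random per-password salt and a constant-time comparison. The function names, the `scrypt$salt$key` storage format, the sizes, and the row shape in `migrateRow` are assumptions.

```javascript
const crypto = require('crypto');

// Assumed sizes (not from the issue): 16-byte salt, 64-byte derived key.
const SALT_BYTES = 16;
const KEY_BYTES = 64;

// Returns "scrypt$<salt hex>$<key hex>" so the salt is stored with the hash.
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const key = crypto.scryptSync(password, salt, KEY_BYTES);
  return `scrypt$${salt.toString('hex')}$${key.toString('hex')}`;
}

// Re-derives the key with the stored salt and compares in constant time.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  // Reject truncated or non-hex fields before comparing.
  if (salt.length !== SALT_BYTES || expected.length !== KEY_BYTES) return false;
  const actual = crypto.scryptSync(password, salt, KEY_BYTES);
  return crypto.timingSafeEqual(actual, expected);
}

// True when a stored value is already in the format produced above.
function isHashed(stored) {
  return /^scrypt\$[0-9a-f]{32}\$[0-9a-f]{128}$/.test(String(stored));
}

// One-off migration step for a row that still holds a cleartext password
// (hypothetical row shape: { id, password }). Already-hashed rows pass through.
function migrateRow(row) {
  if (isHashed(row.password)) return row;
  return { ...row, password: hashPassword(row.password) };
}

// Constructed sample data, for illustration only.
const legacyRow = { id: 1, password: 'Password2022' };
const migrated = migrateRow(legacyRow);
console.log(migrated.password.slice(0, 24) + '...');
console.log(verifyPassword('Password2022', migrated.password)); // true
```

Because the salt is random, hashing the same password twice gives two different stored values, so equal passwords are not visible as equal rows in the database.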
ThatsLiamS commented