[Web Security] Create a hash salt password which can stored in DB
2024-08-25 16:31:04
We cannot directly store user password in the database.
What need to do is creating a hashed & salted string which reperstanting the user password.
This password is not reverable. And very hard for hacker to guess what is the origial password by using Dictionary Attacks.
var crypto = require('crypto');
var password = "monkey";
// randomBytes: generate a salt pre user, salt should be stored with hashed password in the database
crypto.randomBytes(, function(err, salt) {
// pbkdf2: combine the salt the hash password algorithm, to generate a safe password
crypto.pbkdf2(password, salt, , , 'sha256',
function(err, hash) {
console.log("The result of hashing " + password + " is:\n\n" +
hash.toString('hex') + "\n\n");
});
});
最新文章
- ASP.NET Core的配置(4):多样性的配置来源[下篇]
- iOS---用Application Loader 上传的时候报错No suitable application records were found. Verify your bundle identifier 'xx' is correct
- Socket
- aop测试jdk代理机制
- eclipse一直卡住,出现 “android sdk content loader 0%” 卡住的错误分析及解决方法
- Linux文件管理命令
- 27、oracle(三)
- 深入浅出ExtJS 第二章 Ext框架基础
- MYSQL 5.7 新增150多个新功能
- Android UI设计系统---LayoutParams[转]
- Asp.net笔记(1)
- 《TCP/IP详细解释》札记(23章)-TCP该保活定时器
- html自定义调控
- mysql随笔
- 用分支限界法解决人员安排问题(Personnel assignment problem)
- 如何解决svn清理失败 不能更新 cleanup失败 cleanup乱码 更新乱码 svn更新提示清理 清理乱码不能清理 svn故障修复SVN cleanup 陷入死循环 svn cleanup时遇到错误怎么办
- linux内核源码目录结构分析
- 51Nod1367 完美森林 贪心
- Android_编程开发规范
- Linux内核剖析(四)为arm内核构建源码树