We cannot directly store user password in the database.
What need to do is creating a hashed & salted string which reperstanting the user password.
This password is not reverable. And very hard for hacker to guess what is the origial password by using Dictionary Attacks.
var crypto = require(‘crypto‘); var password = "monkey"; // randomBytes: generate a salt pre user, salt should be stored with hashed password in the database crypto.randomBytes(256, function(err, salt) { // pbkdf2: combine the salt the hash password algorithm, to generate a safe password crypto.pbkdf2(password, salt, 100000, 512, ‘sha256‘, function(err, hash) { console.log("The result of hashing " + password + " is:\n\n" + hash.toString(‘hex‘) + "\n\n"); }); });
时间: 2024-12-20 16:38:09