NodeJS - SHA256密码加密 [英] NodeJS - SHA256 Password Encryption

问题描述

我目前正在了解NodeJS中的加密和密码安全。我正在使用当前使用PBKDF2的示例，我想切换到使用SHA256。这是可能和/或有意义吗？我将如何处理？

I'm currently learning about encryption and password safety in NodeJS. I'm working with a current example that currently is using PBKDF2, I'd like to switch this out to use SHA256 instead. Is this possible and/or make sense? How would I go about it?

var crypto = require('crypto');

var len = 128;

var iterations = 13000;

module.exports = function (pwd, salt, fn) {
  if (3 == arguments.length) {
    crypto.pbkdf2(pwd, salt, iterations, len, fn);
  } else {
    fn = salt;
    crypto.randomBytes(len, function(err, salt){
      if (err) return fn(err);
      salt = salt.toString('base64');
      crypto.pbkdf2(pwd, salt, iterations, len, function(err, hash){
        if (err) return fn(err);
        fn(null, salt, hash);
      });
    });
  }
};

推荐答案

如果想要生成 sha256 散列，那么你必须删除iterations和length属性，因为它们特定于 pbkdf2 。然后，您将使用 crypto.createHash（），它使用OpenSSL来生成散列。也就是说，您可以生成的哈希类型取决于您安装的OpenSSL的版本。

If wanted to generate sha256 hashes, then you'd have to drop the iterations and length property as those are specific to pbkdf2. You would then use crypto.createHash() which uses OpenSSL to generate hashes. That being said, the types of hashes you can generate are dependent on the version of OpenSSL that you have installed.

var crypto = require('crypto');
var hash = crypto.createHash('sha256').update(pwd).digest('base64');

您的具体实现可能如下所示：

Your specific implementation might look like this:

var crypto = require('crypto');
module.exports = function(pwd, fn) {
  var hash = crypto.createHash('sha256').update(pwd).digest('base64');
  fn(null, hash);
};

这篇关于NodeJS - SHA256密码加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！