本文翻译自:node.js hash string?
I have a string that I want to hash. 我有一个要哈希的字符串。 What's the easiest way to generate the hash in node.js? 在node.js中生成哈希的最简单方法是什么?
The hash is for versioning, not security. 哈希用于版本控制,而非安全性。
#1楼
参考:https://stackoom.com/question/OfJS/node-js哈希字符串
#2楼
If you just want to md5 hash a simple string I found this works for me. 如果您只想对md5哈希一个简单的字符串,我发现这对我有用。
var crypto = require('crypto');
var name = 'braitsch';
var hash = crypto.createHash('md5').update(name).digest('hex');
console.log(hash); // 9b74c9897bac770ffc029102a200c5de
#3楼
Node's crypto module API is still unstable. Node的加密模块API仍然不稳定。
As of version 4.0.0, the native Crypto module is not unstable anymore. 从4.0.0版开始,本地Crypto模块不再不稳定。 From the official documentation : 从官方文档中 :
Crypto 加密货币
Stability: 2 - Stable 稳定性:2-稳定
The API has proven satisfactory. 该API已证明令人满意。 Compatibility with the npm ecosystem is a high priority, and will not be broken unless absolutely necessary. 与npm生态系统的兼容性是当务之急,除非绝对必要,否则不会破坏兼容性。
So, it should be considered safe to use the native implementation, without external dependencies. 因此,在没有外部依赖的情况下使用本机实现应该被认为是安全的。
For reference, the modules mentioned bellow were suggested as alternative solutions when the Crypto module was still unstable. 作为参考,当加密模块仍然不稳定时,下面提到的模块被建议作为替代解决方案。
You could also use one of the modules sha1 or md5 which both do the job. 您也可以使用模块sha1或md5之一来完成此任务。
$ npm install sha1
and then 然后
var sha1 = require('sha1');
var hash = sha1("my message");
console.log(hash); // 104ab42f1193c336aa2cf08a2c946d5c6fd0fcdb
or 要么
$ npm install md5
and then 然后
var md5 = require('md5');
var hash = md5("my message");
console.log(hash); // 8ba6c19dc1def5702ff5acbf2aeea5aa
(MD5 is insecure but often used by services like Gravatar.) (MD5不安全,但经常被Gravatar等服务使用。)
The API of these modules won't change! 这些模块的API不会改变!
#4楼
Here you can benchmark all supported hashes on your hardware, supported by your version of node.js. 在这里,您可以在您的硬件上对所有受支持的哈希进行基准测试,并由您的node.js版本支持。 Some are cryptographic, and some is just for a checksum. 有些是加密的,有些仅用于校验和。 Its calculating "Hello World" 1 million times for each algorithm. 它为每种算法计算“ Hello World”一百万次。 It may take around 1-15 seconds for each algorithm (Tested on the Standard Google Computing Engine with Node.js 4.2.2). 每种算法可能需要1到15秒左右的时间(在带有Node.js 4.2.2的标准Google计算引擎上测试)。
for(var i1=0;i1<crypto.getHashes().length;i1++){
var Algh=crypto.getHashes()[i1];
console.time(Algh);
for(var i2=0;i2<1000000;i2++){
crypto.createHash(Algh).update("Hello World").digest("hex");
}
console.timeEnd(Algh);
}
Result: 结果:
DSA: 1992ms DSA:1992ms
DSA-SHA: 1960ms DSA-SHA:1960ms
DSA-SHA1: 2062ms DSA-SHA1:2062ms
DSA-SHA1-old: 2124ms DSA-SHA1旧:2124ms
RSA-MD4: 1893ms RSA-MD4:1893ms
RSA-MD5: 1982ms RSA-MD5:1982ms
RSA-MDC2: 2797ms RSA-MDC2:2797ms
RSA-RIPEMD160: 2101ms RSA-RIPEMD160:2101ms
RSA-SHA: 1948ms RSA-SHA:1948ms
RSA-SHA1: 1908ms RSA-SHA1:1908ms
RSA-SHA1-2: 2042ms RSA-SHA1-2:2042ms
RSA-SHA224: 2176ms RSA-SHA224:2176ms
RSA-SHA256: 2158ms RSA-SHA256:2158ms
RSA-SHA384: 2290ms RSA-SHA384:2290ms
RSA-SHA512: 2357ms RSA-SHA512:2357ms
dsaEncryption: 1936ms dsaEncryption:1936ms
dsaWithSHA: 1910ms dsaWithSHA:1910ms
dsaWithSHA1: 1926ms dsaWithSHA1:1926ms
dss1: 1928ms dss1:1928ms
ecdsa-with-SHA1: 1880ms ecdsa-with-SHA1:1880毫秒
md4: 1833ms md4:1833毫秒
md4WithRSAEncryption: 1925ms md4WithRSAEncryption:1925ms
md5: 1863ms md5:1863毫秒
md5WithRSAEncryption: 1923ms md5WithRSAEncryption:1923ms
mdc2: 2729ms mdc2:2729ms
mdc2WithRSA: 2890ms mdc2WithRSA:2890ms
ripemd: 2101ms 熟女:2101ms
ripemd160: 2153ms maturemd160:2153ms
ripemd160WithRSA: 2210ms maturemd160WithRSA:2210ms
rmd160: 2146ms rmd160:2146ms
sha: 1929ms 沙:1929ms
sha1: 1880ms sha1:1880毫秒
sha1WithRSAEncryption: 1957ms sha1WithRSAEncryption:1957ms
sha224: 2121ms sha224:2121ms
sha224WithRSAEncryption: 2290ms sha224WithRSAEncryption:2290ms
sha256: 2134ms sha256:2134ms
sha256WithRSAEncryption: 2190ms sha256WithRSA加密:2190ms
sha384: 2181ms sha384:2181ms
sha384WithRSAEncryption: 2343ms sha384WithRSA加密:2343ms
sha512: 2371ms sha512:2371ms
sha512WithRSAEncryption: 2434ms sha512WithRSAEncryption:2434ms
shaWithRSAEncryption: 1966ms shaWithRSAEncryption:1966ms
ssl2-md5: 1853ms ssl2-md5:1853ms
ssl3-md5: 1868ms ssl3-md5:1868ms
ssl3-sha1: 1971ms ssl3-sha1:1971ms
whirlpool: 2578ms 漩涡:2578ms
#5楼
Considering the thoughts from http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/ (in short: FIRST encrypt, THEN authenticate. Afterwards FIRST verify, THEN decrypt) I have implemented the following solution in node.js: 考虑到http://www.thoughtcrime.org/blog/the-cryptographic-doom-principle/的想法(总之:先加密,然后进行身份验证。先进行验证,然后解密),我在节点中实现了以下解决方案。 js:
function encrypt(text,password){
var cipher = crypto.createCipher(algorithm,password)
var crypted = cipher.update(text,'utf8','hex')
crypted += cipher.final('hex');
return crypted;
}
function decrypt(text,password){
var decipher = crypto.createDecipher(algorithm,password)
var dec = decipher.update(text,'hex','utf8')
dec += decipher.final('utf8');
return dec;
}
function hashText(text){
var hash = crypto.createHash('md5').update(text).digest("hex");
//console.log(hash);
return hash;
}
function encryptThenAuthenticate(plainText,pw)
{
var encryptedText = encrypt(plainText,pw);
var hash = hashText(encryptedText);
return encryptedText+"$"+hash;
}
function VerifyThenDecrypt(encryptedAndAuthenticatedText,pw)
{
var encryptedAndHashArray = encryptedAndAuthenticatedText.split("$");
var encrypted = encryptedAndHashArray[0];
var hash = encryptedAndHashArray[1];
var hash2Compare = hashText(encrypted);
if (hash === hash2Compare)
{
return decrypt(encrypted,pw);
}
}
It can be tested with: 可以使用以下方法进行测试:
var doom = encryptThenAuthenticate("The encrypted text",user.cryptoPassword);
console.log(VerifyThenDecrypt(doom,user.cryptoPassword));
Hope this helps :-) 希望这可以帮助 :-)
#6楼
sha256("string or binary");
I experienced issue with other answer. 我遇到了其他答案的问题。 I advice you to set encoding argument to binary to use the byte string and prevent different hash between Javascript (NodeJS) and other langage/service like Python, PHP, Github... 我建议您将编码参数设置为binary以使用字节字符串,并防止Javascript(NodeJS)与其他语言/服务(例如Python,PHP,Github)之间的不同哈希值。
If you don't use this code, you can get a different hash between NodeJS and Python... 如果不使用此代码,则可以在NodeJS和Python之间获得不同的哈希值。
How to get the same hash that Python, PHP, Perl, Github (and prevent an issue) : 如何获得与Python,PHP,Perl,Github相同的哈希值(并防止出现问题):
NodeJS is hashing the UTF-8 representation of the string. NodeJS正在哈希字符串的UTF-8表示形式。 Other languages (like Python, PHP or PERL...) are hashing the byte string. 其他语言(例如Python,PHP或PERL ...)正在对字节字符串进行哈希处理。
We can add binary argument to use the byte string. 我们可以添加二进制参数来使用字节字符串。
Code : 代码:
const crypto = require("crypto");
function sha256(data) {
return crypto.createHash("sha256").update(data, "binary").digest("base64");
// ------ binary: hash the byte string
}
sha256("string or binary");
Documentation: 说明文件:
- crypto.createHash(algorithm[, options]): The algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform. crypto.createHash(algorithm [,options]):该算法取决于平台上OpenSSL版本支持的可用算法。
- hash.digest([encoding]): The encoding can be 'hex', 'latin1' or 'base64'. hash.digest([encoding]):编码可以是'hex','latin1'或'base64'。 (base 64 is less longer). (以64为底的长度会更长)。
You can get the issue with : sha256("\\xac"), "\\xd1", "\\xb9", "\\xe2", "\\xbb", "\\x93", etc... 您可能会遇到以下问题:sha256(“ \\ xac”),“ \\ xd1”,“ \\ xb9”,“ \\ xe2”,“ \\ xbb”,“ \\ x93”等。
Other languages (like PHP, Python, Perl...) and my solution with
.update(data, "binary"): 其他语言(例如PHP,Python,Perl ...)和我的.update(data, "binary")解决方案:sha1("\\xac") //39527c59247a39d18ad48b9947ea738396a3bc47Nodejs by default (without binary) : 默认情况下,Node.js(无二进制):
sha1("\\xac") //f50eb35d94f1d75480496e54f4b4a472a9148752
扫一扫
1685
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
