[Web Security] Create a hash salt password which can stored in DB
We cannot directly store user password in the database.
What need to do is creating a hashed & salted string which reperstanting the user password.
This password is not reverable. And very hard for hacker to guess what is the origial password by using Dictionary Attacks.
var crypto = require('crypto'); var password = "monkey"; // randomBytes: generate a salt pre user, salt should be stored with hashed password in the database crypto.randomBytes(256, function(err, salt) { // pbkdf2: combine the salt the hash password algorithm, to generate a safe password crypto.pbkdf2(password, salt, 100000, 512, 'sha256', function(err, hash) { console.log("The result of hashing " + password + " is:\n\n" + hash.toString('hex') + "\n\n"); }); });
分类:
[Whole Web]
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· AI技术革命,工作效率10个最佳AI工具
2016-08-09 [ES6] ES6 Parameter Object Destructuring with Required Values
2014-08-09 [Backbone] Customzing Backbone
2014-08-09 [Backbone] Working with forms