Hashing
In this section, we will dive into various methods for applying cryptographic hashes both generically and securely. We will cover best practices to ensure that the hashing process is robust against common vulnerabilities. Additionally, we will explore secure techniques for comparing hash values, focusing on the use of time-safe comparison functions to prevent timing attacks. These methods are crucial for ensuring the integrity and security of sensitive data in cryptographic operations.
Create a custom HASH
Method to create a hash of a text where you could choose the desires hash algorithm to use sha1, sha256, sha3-256,...
createCustomHash
public createCustomHash (
algorithm: string,
data: string,
outputLength: number = 0,
): Buffer;
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
| algorithm Required | string | Digest algorithm to use (sha1, sha256, sha3-256,...) | |
| data Required | string | String to hash | |
| outputLength | number | 0 | Option to specify the desired output length in bytes when using XOF hash functions. For example: shake256 |
Outputs:
As output, it will return a Buffer <Buffer cc 2b.....cd a1 08>
Usage:
async hashUserPasswrd(
plainPassword: string,
): string {
const hashedPassword = this.cryptographyService.createCustomHash('sha-256', plainPassword);
return hashedPassword.toString('hex')
}
Verify a custom HASH
Method to verify if an existing hash matches the hash of the desired text.
You need choose the existing hash algorithm type used sha1, sha256, sha3-256,...
verifyCustomHash
public verifyCustomHash (
algorithm: string,
data: string,
oldHash: string | Buffer,
outputLength: number = 0,
): boolean;
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
| algorithm Required | string | Digest algorithm to use (sha1, sha256, sha3-256,...) | |
| data Required | string | String to hash | |
| oldHash Required | Buffer | string | Buffer or string of the existing hash | |
| outputLength | number | 0 | Option to specify the desired output length in bytes when using XOF hash functions. For example: shake256 |
Outputs:
As output, it will return true if both matches, or false if not.
This method uses a time-safe comparison function to prevent timing attacks
Usage:
async checkUserPassword(
plainPassword: string,
hashedPassword: string,
): boolean {
const bufferExistingHash = Buffer.from(hashedPassword, 'utf-8');
return this.cryptographyService.verifyCustomHash('sha-256', plainPassword, bufferExistingHash);
}
Create a secure HASH
Method to create an extra secure hash of a text.
In this case the XOF hash function shake256 will be used, producing and output of 384 bits length.
createSecureHash
public createCustomHash (
data: string
): Buffer;
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
| data Required | string | String to hash |
Outputs:
As output, it will return a Buffer <Buffer cc 2b.....cd a1 08>
Usage:
async secureHashUserPasswrd(
plainPassword: string,
): string {
const hashedPassword = this.cryptographyService.createSecureHash(plainPassword);
return hashedPassword.toString('hex')
}
Verify a secure HASH
Method to verify if an existing hash matches the hash of the desired text.
Remember that the previous hash must have been generated using createSecureHash method.
verifySecureHash
public verifySecureHash (
data: string,
oldHash: string | Buffer
): boolean;
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
| data Required | string | String to hash | |
| oldHash Required | Buffer | string | Buffer or string of the existing hash |
Outputs:
As output, it will return true if both matches, or false if not.
This method uses a time-safe comparison function to prevent timing attacks
Usage:
async checkUserPassword(
plainPassword: string,
hashedPassword: string,
): boolean {
const bufferExistingHash = Buffer.from(hashedPassword, 'utf-8');
return this.cryptographyService.verifySecureHash(plainPassword, bufferExistingHash);
}
Create insecure fast HASH
Method to create an insecure but fast hash using the sha1 digest algorithm.
This method should not be used if you want to guarantee good security.
createInsecureFastHash
public createInsecureFastHash (
data: string
): Buffer;
Parameters:
| Name | Type | Default | Description |
|---|---|---|---|
| data Required | string | String to hash |
Outputs:
As output, it will return a Buffer <Buffer cc 2b.....cd a1 08>
Usage:
async exampleFastHashSHA1(): string {
const sha1Hash = this.cryptographyService.createInsecureFastHash('this is not a secret');
return sha1Hash.toString('base64')
}
🛟 Tips
Remember that...
Remember that buffers could be transformed to utf8, hex, base64, latin,... using the toString() method.
let passwordAsBuffer: Buffer = someMethodThatReturnsABuffer();
console.log(passwordAsBuffer.toString('hex')) // f32.....4ee
console.log(passwordAsBuffer.toString('base64')) // 8OI.....ZQ=