Version: 2.x

Hashing

In this section, we will dive into various methods for applying cryptographic hashes both generically and securely. We will cover best practices to ensure that the hashing process is robust against common vulnerabilities. Additionally, we will explore secure techniques for comparing hash values, focusing on the use of time-safe comparison functions to prevent timing attacks. These methods are crucial for ensuring the integrity and security of sensitive data in cryptographic operations.

Create a custom HASH

Method to create a hash of a text, where you choose the desired digest algorithm to use (sha1, sha256, sha3-256, ...).

createCustomHash

public createCustomHash (
  algorithm: string,
  data: string,
  outputLength: number = 0,
): Buffer;

Parameters:

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| algorithm (required) | string | | Digest algorithm to use (sha1, sha256, sha3-256, ...) |
| data (required) | string | | String to hash |
| outputLength | number | 0 | Option to specify the desired output length in bytes when using XOF hash functions. For example: shake256 |

Outputs:

As output, it will return a Buffer <Buffer cc 2b.....cd a1 08>

Usage:

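async hashUserPassword(
  plainPassword: string,
): Promise<string> {
  // Algorithm name as listed in the parameters table (sha1, sha256, sha3-256, ...)
  const hashedPassword = this.cryptographyService.createCustomHash('sha256', plainPassword);
  // Encode the raw digest as hex for storage
  return hashedPassword.toString('hex');
}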

Verify a custom HASH

Method to verify whether an existing hash matches the hash of the desired text. You need to specify the digest algorithm that was used to create the existing hash (sha1, sha256, sha3-256, ...).

verifyCustomHash

public verifyCustomHash (
  algorithm: string,
  data: string,
  oldHash: string | Buffer,
  outputLength: number = 0,
): boolean;

Parameters:

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| algorithm (required) | string | | Digest algorithm to use (sha1, sha256, sha3-256, ...) |
| data (required) | string | | String to hash |
| oldHash (required) | Buffer \| string | | Buffer or string of the existing hash |
| outputLength | number | 0 | Option to specify the desired output length in bytes when using XOF hash functions. For example: shake256 |

Outputs:

As output, it will return true if both hashes match, or false if not.

This method uses a time-safe comparison function to prevent timing attacks.

Usage:

async checkUserPassword(
  plainPassword: string,
  hashedPassword: string,
): Promise<boolean> {
  // Decode the stored hash with the encoding it was saved in (hex in the creation example)
  const bufferExistingHash = Buffer.from(hashedPassword, 'hex');
  return this.cryptographyService.verifyCustomHash('sha256', plainPassword, bufferExistingHash);
}

Create a secure HASH

Method to create an extra secure hash of a text.

In this case the XOF hash function shake256 will be used, producing an output of 384 bits.

createSecureHash

public createSecureHash (
  data: string
): Buffer;

Parameters:

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| data (required) | string | | String to hash |

Outputs:

As output, it will return a Buffer <Buffer cc 2b.....cd a1 08>

Usage:

async secureHashUserPassword(
  plainPassword: string,
): Promise<string> {
  const hashedPassword = this.cryptographyService.createSecureHash(plainPassword);
  // Encode the raw digest as hex for storage
  return hashedPassword.toString('hex');
}

Verify a secure HASH

Method to verify if an existing hash matches the hash of the desired text.

Warning: Remember that the previous hash must have been generated using the createSecureHash method.

verifySecureHash

public verifySecureHash (
  data: string,
  oldHash: string | Buffer
): boolean;

Parameters:

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| data (required) | string | | String to hash |
| oldHash (required) | Buffer \| string | | Buffer or string of the existing hash |

Outputs:

As output, it will return true if both hashes match, or false if not.

This method uses a time-safe comparison function to prevent timing attacks.

Usage:

async checkUserPassword(
  plainPassword: string,
  hashedPassword: string,
): Promise<boolean> {
  // Decode the stored hash with the encoding it was saved in (hex in the creation example)
  const bufferExistingHash = Buffer.from(hashedPassword, 'hex');
  return this.cryptographyService.verifySecureHash(plainPassword, bufferExistingHash);
}
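
The sketch below is an added example, not the library's own code: it shows in plain Node.js how a digest can be verified with crypto.timingSafeEqual, covering both the custom-algorithm case and the 384-bit shake256 case described above, plus the encoding pitfall when the stored hash is a hex string. The helper names hashText, verifyHash and demo, the hex storage format and the sample strings are assumptions made for illustration.

```javascript
const { createHash, timingSafeEqual } = require('crypto');

// Hash a string. outputLength (in bytes) is only passed for XOF algorithms such as shake256.
function hashText(algorithm, data, outputLength = 0) {
  const options = outputLength > 0 ? { outputLength } : undefined;
  return createHash(algorithm, options).update(data, 'utf8').digest();
}

// Constant-time verification. storedHash is a Buffer or a hex string (assumed storage format).
function verifyHash(algorithm, data, storedHash, outputLength = 0) {
  const expected = Buffer.isBuffer(storedHash) ? storedHash : Buffer.from(storedHash, 'hex');
  const actual = hashText(algorithm, data, outputLength);
  // timingSafeEqual throws a RangeError when the lengths differ, so reject those first.
  // The digest length is public, so this early return reveals nothing about the hash value.
  if (expected.length !== actual.length) return false;
  return timingSafeEqual(expected, actual);
}

// Constructed sample data (not from the library documentation).
const SECURE_LEN = 48; // 384 bits, the shake256 output length mentioned above
const storedHex = hashText('shake256', 'sample text', SECURE_LEN).toString('hex');

function demo() {
  return {
    digestBytes: Buffer.from(storedHex, 'hex').length,
    match: verifyHash('shake256', 'sample text', storedHex, SECURE_LEN),
    mismatch: verifyHash('shake256', 'other text', storedHex, SECURE_LEN),
    // Pitfall: decoding the hex text as UTF-8 yields 96 bytes of ASCII, which never matches.
    wrongEncoding: verifyHash('shake256', 'sample text', Buffer.from(storedHex, 'utf8'), SECURE_LEN),
    sha256Match: verifyHash('sha256', 'sample text', hashText('sha256', 'sample text')),
  };
}

console.log(demo());
```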

Create insecure fast HASH

Method to create an insecure but fast hash using the sha1 digest algorithm.

Danger: This method should not be used if you want to guarantee good security.

Read this article

createInsecureFastHash

public createInsecureFastHash (
  data: string
): Buffer;

Parameters:

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| data (required) | string | | String to hash |

Outputs:

As output, it will return a Buffer <Buffer cc 2b.....cd a1 08>

Usage:

async exampleFastHashSHA1(): Promise<string> {
  const sha1Hash = this.cryptographyService.createInsecureFastHash('this is not a secret');
  return sha1Hash.toString('base64');
}

🛟 Tips

Info: Remember that buffers can be converted to utf8, hex, base64, latin1, ... using the toString() method.

let passwordAsBuffer: Buffer = someMethodThatReturnsABuffer();

console.log(passwordAsBuffer.toString('hex')) // f32.....4ee
console.log(passwordAsBuffer.toString('base64')) // 8OI.....ZQ=