What is the best approach for password encryption

Time:12-25

What is the best practice, from frontend to backend, for encrypting the password received from the frontend during the registration process? For example, should I encrypt and send on the front end and then re-encrypt on the backend? I would appreciate it if you could give a Node.js-specific answer.

CodePudding user response:

You don't need to hash on the front end because SSL does that for you. Best practice is to use SSL; that's the whole point of it.

HTTPS uses the SSL/TLS protocol to encrypt communications so that attackers can't steal data. SSL/TLS also confirms that a website server is who it says it is, preventing impersonations. This stops multiple kinds of cyber attacks.

If you need more detail follow the link.

CodePudding user response:

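    const bcrypt = require('bcrypt');
    const SimpleCrypto = require('simple-crypto-js').default;
    const _secretKey = "YOURKEYHERE"; // placeholder key for the SimpleCrypto instance
    const simpleCrypto = new SimpleCrypto(_secretKey); // not used by createHashPwd below
    const saltRounds = 12; // bcrypt cost factor
    
    // Returns the bcrypt hash string; bcrypt generates the salt and embeds it in the result
    exports.createHashPwd = function (password) {
      return bcrypt.hashSync(password, saltRounds);
    };
    
    // Create the hashed password string in the calling module, where passwordService
    // is this file loaded with require(). hashSync is synchronous, so no await is needed:
    //   const hashPassword = passwordService.createHashPwd(plainTextPd);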

You can learn more about it here: https://www.npmjs.com/package/simple-crypto-js
