Comments (6)
Added a comprehensive options guide to the wiki: https://github.com/ranisalt/node-argon2/wiki/Options
Will work on other parts when I have time.
from node-argon2.
> neither should I let client to send plain password to the server

Yes, you should. When a client signs up or logs in, you will send the password in plain, through a secure channel (HTTPS).

> The only logical way I can see is to use argon2 on client side to generate and send digest to the server

Wrong because of the above. When you hash the password prior to sending to the server, you are effectively making the hash become the password. Send it plainly through HTTPS.

> I have no clue how am I supposed to get the plain hash out of it

It is impossible. Argon2 is a one-way function, you can never revert to the preimage.
from node-argon2.
@EyalPerry nice addition. We currently track the latest upstream release of phc-winner-argon2, though.
from node-argon2.
Can do, though most of that is actually Argon2 related and not exactly from this lib, I feel it's a good thing to do.
I use defaults recommended by Argon2 and used by most implementations, and since the options get stored with the hash, if you want to change the options your old hashes are still valid and working. You can assume that defaults are enough.
from node-argon2.
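The point above that the options are stored with the hash, shown as an added example (not code from node-argon2 or from this thread): a parser for the encoded Argon2 string plus a hypothetical `needsUpgrade` policy check. The sample hash, the target values and both helper names are constructed for illustration.

```javascript
// Constructed sample: salt and tag are filler bytes, not real Argon2 output.
const b64 = (len, byte) => Buffer.alloc(len, byte).toString('base64').replace(/=+$/, '');
const SAMPLE = `$argon2id$v=19$m=65536,t=3,p=4$${b64(16, 0x41)}$${b64(32, 0x42)}`;

// Split an encoded hash into the parameters that were used to create it.
function parseArgon2(encoded) {
  const parts = String(encoded).split('$');
  // Layout: ['', variant, 'v=N', 'm=..,t=..,p=..', salt, tag]
  if (parts[0] !== '' || parts.length < 5 || parts.length > 6) {
    throw new Error('not an Argon2 encoded hash');
  }
  if (!['argon2d', 'argon2i', 'argon2id'].includes(parts[1])) {
    throw new Error(`unknown variant: ${parts[1]}`);
  }
  // Hashes written before the v= field existed are version 0x10 (16).
  let version = 0x10;
  let i = 2;
  if (parts.length === 6) {
    const v = /^v=(\d+)$/.exec(parts[2]);
    if (!v) throw new Error('malformed version field');
    version = Number(v[1]);
    i = 3;
  }
  const c = /^m=(\d+),t=(\d+),p=(\d+)$/.exec(parts[i]);
  if (!c) throw new Error('malformed cost parameters');
  return {
    variant: parts[1], version,
    memoryCost: Number(c[1]), timeCost: Number(c[2]), parallelism: Number(c[3]),
    saltLength: Buffer.from(parts[i + 1], 'base64').length,
    hashLength: Buffer.from(parts[i + 2], 'base64').length,
  };
}

// Hypothetical policy check: true when a stored hash was made with weaker
// settings than the target and should be re-hashed at the next successful login.
function needsUpgrade(encoded, target) {
  const p = parseArgon2(encoded);
  return p.variant !== target.variant || p.version < target.version ||
    p.memoryCost < target.memoryCost || p.timeCost < target.timeCost;
}
```

Old hashes keep verifying because verification reads these fields from the stored string rather than from the current configuration.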
Which algorithm version does this library implement?
I think it should be a part of the docs.
from node-argon2.
I think that documentation could use some simple examples of library usage. Personally, I am literally confused about how to do such a simple thing like saving password hash for future verifications. I know I can just `argon2.verify(hash, 'password')`, but I shouldn't be keeping plain passwords in my db, neither should I let client to send plain password to the server.
The only logical way I can see is to use argon2 on client side to generate and send digest to the server. On server-side I can just compare this digest against hashed password. This is easy. But when user is creating new account and sends digest to the server, I have no clue how am I supposed to get the plain hash out of it for further verifications. I tried to verify digest against another digest but it obviously failed.
from node-argon2.