Untitled
unknown
javascript
a year ago
1.0 kB
5
Indexable
Is this implimentation of the WebCrypto API safe? ``` export class Hashing { public static async generate_salt(): Promise<string> { // Generate salt using crypto.getRandomValues return Array.from(crypto.getRandomValues(new Uint32Array(8)), (dec) => { return ("0" + dec.toString(36)).substring(-2); }).join(""); } public static async generate_hash(password: string, salt: string | void) { if (!salt) { salt = await Hashing.generate_salt(); } let hashArray = await crypto.subtle.digest( "SHA-256", new TextEncoder().encode(password + salt) ); let hash = Array.from(new Uint8Array(hashArray), (dec) => { return ("0" + dec.toString(36)).substring(-2); }).join(""); return `${hash}.${salt}`; } public static async verify_hash(password: string, hash: string) { let [_, salt] = hash.split("."); return hash === (await Hashing.generate_hash(password, salt)); } } ```
Editor is loading...
Leave a Comment