Untitled

avatar
unknown
javascript
a year ago
1.0 kB
5
Indexable
Is this implimentation of the WebCrypto API safe?

```
export class Hashing {
    public static async generate_salt(): Promise<string> {
        // Generate salt using crypto.getRandomValues
        return Array.from(crypto.getRandomValues(new Uint32Array(8)), (dec) => {
            return ("0" + dec.toString(36)).substring(-2);
        }).join("");
    }

    public static async generate_hash(password: string, salt: string | void) {
        if (!salt) {
            salt = await Hashing.generate_salt();
        }
        let hashArray = await crypto.subtle.digest(
            "SHA-256",
            new TextEncoder().encode(password + salt)
        );
        let hash = Array.from(new Uint8Array(hashArray), (dec) => {
            return ("0" + dec.toString(36)).substring(-2);
        }).join("");
        return `${hash}.${salt}`;
    }

    public static async verify_hash(password: string, hash: string) {
        let [_, salt] = hash.split(".");
        return hash === (await Hashing.generate_hash(password, salt));
    }
}
```
Editor is loading...
Leave a Comment