From my journey as a software developer, I’ve learned one fundamental truth – security is not something to be taken lightly, especially when dealing with sensitive data. That’s why, in today’s blog post, we’re going to delve into the world of crypto. More specifically, we’re focusing on how to create an MD5 hash with salt using Node.js. You may ask, why is this necessary? Well, adding a “salt” to your hash adds an extra layer of complexity and safety to your data, making it much harder for nefarious actors to crack. Stick with me as we navigate these cryptic waters together.
Let’s learn a bit about MD5 Hash. MD5 is (atleast when it was created) a standardized 1-way function that takes in data input of any form and maps it to a fixed-size output string, irrespective of the size of the input string.
Though it is used as a cryptographic hash function, it has been found to suffer from a lot of vulnerabilities.
A salt is a randomly generated string of characters that is used as an additional input to a one-way hash function. Salts are used to protect against dictionary attacks and rainbow table attacks.
The MD5 hash with salt is generated by concatenating the salt to the password and then hashing the resulting string. The salt is then appended to the generated hash to form the complete hash. This complete hash is then stored in the database. When a user attempts to login, the salt is retrieved from the database and used to generate a hash from the provided password. The generated hash is then compared to the hash stored in the database. If the two hashes match, the user is authenticated.
We can create an MD5 hash of a string in Node.js without using an hash as well. In this article we will create a hash by using a salt.
If you are looking to generate md5 checksum in nodejs, please follow this article – Creating MD5 Hash with salt in Node.js.
The method below is for creating it in Node.js i.e., on the server side.
MD5 hash with salt using crypto module in Node.js
Here we will be using the default crypto module. Then, you can use it in your code to update the hash with password and salt.
Here is an example demonstrating using crypto and md5 implementation-
import { createHash } from "crypto";
const password = "password";
const salt = "80zzm081sr@nd0m";
const passhash = createHash("md5")
.update(password)
.update(createHash("md5").update(salt, "utf8").digest("hex"))
.digest("hex");
console.log(passhash);The output of the above script will be an MD5 hash with salt of password when you run the command node index.js in your shell-
5d224cc2ba030bac93e6ac0e0ecc18e7Passwords can also be MD5 hashed in the frontend JavaScript, but, its not advised to do it in the frontend, as your hash is now known to the attacker, eventually leading to a security breach.
If you looking to create an MD5 hash of a file, please follow the article where we discuss as to how to read a file buffer and create the hash.
NOTE : Please do not use this to hash passwords and store it in your databases, prefer SHA-256 with salt or SHA-512 with salt or other superior cryptographic hash functions for the same.
It’s as simple as that! You do not need any fancy npm library for creating an MD5 hash in Node.js.
And there we have it! I hope you’ve enjoyed this jaunt through the complexities of hashing with salt in Node.js as much as I have. Remember, the added layer of protection a salted hash provides is invaluable in keeping your data secure. It might seem daunting at first, but with the knowledge we’ve shared today, you’re well-equipped to implement this vital security measure. Don’t forget, the internet is an ever-changing landscape, and staying ahead of the curve is paramount. Keep exploring, keep learning, and keep your data secure.
I’m glad that you found the content useful. Happy Coding.
