concept salt in category angular
This is an excerpt from Manning's book Getting MEAN with Mongo, Express, Angular, and Node.js 2ED.
randomBytes—To generate a cryptographically strong string of data to use as the salt. pbkdf2Sync—To create the hash from the password and the salt. pbkdf2 stands for password-based key derivation function 2, an industry standard. You’ll use these methods to create a random string for the salt and for encrypting the password and salt into the hash. The first step is to require crypto at the top of the users.js file:
const mongoose = require( 'mongoose' ); const crypto = require('crypto');Second, update the setPassword method to set the salt and the hash for users. To set the salt, you’ll use the randomBytes method to generate a random 16-byte string. Then, you’ll use the pbkdf2Sync method to create the encrypted hash from the password and the salt. The following listing shows how to use these two functions in conjunction with each other.
This is where the concept of a salt comes in. A salt is a random string generated by the application for each user that’s combined with the password before encryption. The resulting encrypted value is called a hash, as illustrated in figure 11.8.