I want to authenticate a user using a username and password in a web app running javascript interfacing to a non node js or php server. In a normal desktop app I could use bcrypt or an hmac or ??. When I search the internet I come up with ambiguous results for HMAC and Javascript or Bcrypt and Javascript. Am I missing something?
Asked
Active
Viewed 192 times
-1
-
1It's not clear from your question what you are trying to achieve by hashing the password on the client-side, but see https://security.stackexchange.com/questions/8596/https-security-should-password-be-hashed-server-side-or-client-side for why this is almost always a bad idea. Unless you are trying to implement some sort of PAKE or SRP scheme, you probably should be hashing the password on the server side. If it's a static site, then use basic HTTP authentication. – mti2935 May 19 '20 at 20:30
1 Answers
2
Passwords should be hashed server-side, so you should search for php +bcrypt or nodejs +bcrypt (HMAC is not good for password hashing), not JavaScript +bcrypt. For PHP, you'd use password_hash, for nodejs there are bcrypt libraries available.
tim
- 29,640
- 7
- 98
- 121