node.js bcrypt 与节点一起使用的替代方法是什么?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19822643/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What is an alternative for bcrypt to use with node?
提问by Kory
I have tried for days to get bcrypt installed on my windows machine with no luck. One of the dependencies (Windows 7 SDK) does not want to be installed even though I have tried numerous suggestions from around the net it just refuses to cooperate.
我已经尝试在我的 Windows 机器上安装 bcrypt 好几天了,但没有成功。一个依赖项(Windows 7 SDK)不想被安装,即使我已经尝试了很多来自网络的建议,它只是拒绝合作。
I need a good alternative to bcrypt which does not have any dependencies.
我需要一个很好的 bcrypt 替代品,它没有任何依赖项。
回答by enducat
Check out https://npmjs.org/package/bcryptjs, it's fully compatible with bcrypt just without the dependencies.
查看https://npmjs.org/package/bcryptjs,它与 bcrypt 完全兼容,只是没有依赖项。
Or https://npmjs.org/package/simplecryptif you don't want the crypto boilerplate and just need to encrypt and decrypt strings.
或者https://npmjs.org/package/simplecrypt如果您不想要加密样板并且只需要加密和解密字符串。
回答by malik bagwala
As of 24th April 2020There is a nice built in way of hashing passwords using scryptin the cryptomodule
截至2020 年 4 月 24 日scrypt,crypto模块中使用了一种很好的内置密码散列方式
// Using the built in crypto module
const { scryptSync, randomBytes } = require("crypto");
// Any random string here (ideally should be atleast 16 bytes)
const salt = randomBytes(16).toString("hex")
// Pass the password string and get hashed password back
// ( and store only the hashed string in your database)
const getHash = (password) => scryptSync(password, salt, 32).toString("hex");
回答by Nux
回答by josh3736
You should really use the built-in crypto module for your encryption needs. It's basically a binding to OpenSSL, a fast, stable, secure, and well-vetted crypto library. Trying to implement your own crypto (or use someone else's unvalidated attempt at implementing crypto) is a recipe for disaster.
您真的应该使用内置的加密模块来满足您的加密需求。它基本上是与 OpenSSL 的绑定,OpenSSL 是一个快速、稳定、安全且经过严格的加密库。尝试实施您自己的加密(或使用其他人未经验证的尝试实施加密)是灾难的秘诀。
If you're looking to encrypt data, all you have to do is call crypto.createCipher, which returns a readable/writable Stream. Write data into the stream and it will emit data events with the encrypted data.
如果您要加密数据,您所要做的就是调用crypto.createCipher,它返回一个 readable/writable Stream。将数据写入流中,它将使用加密数据发出数据事件。
For example:
例如:
var stream = crypto.createCipher('aes192', 'mysecretpassword');
stream.on('data', function(enc) {
// enc is a `Buffer` with a chunk of encrypted data
});
stream.write('some secret data');
stream.end();
