Question
Without any common JS libraries, how can I hash a password before sending it?
<form>
<input type="password" id="pwd" name="password" />
<input onclick="
var val = document.getElementById('pwd').value;
document.getElementById('pwd').value(sha512(val));"
type="submit">
</form>
That would somehow be my naive way to do it (with sha512 being a function defined somewhere to create the sha512 value).
Though it obviously does not seem to work. Why? How do I do this right and simple?
Answer 1:
Lots of issues here... like hashes without a salt can be rainbow tabled. If you send and then store the hash they make... it's like storing a cleartext password now. If the client salts and hashes and then the server salts and hashes it... how do you ensure they can hash again with the correct salt? Bottom line, use a secure connection and then salt/hash on the server.
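The recommendation in Answer 1 (salt and hash on the server, with the password sent over a secure connection), as an added example that is not part of the original answers. It runs under Node.js with the built-in crypto module; the function names, the record layout and the choice of scrypt as the server-side hash are assumptions, and HTTPS transport is assumed rather than shown.

```javascript
// Added example (not from the original answers): salt and hash on the server.
// Assumptions: function names, record layout, and scrypt as the password hash.
const crypto = require('node:crypto');

const SALT_BYTES = 16;
const KEY_BYTES = 64;

// Registration: derive a hash from the password and a fresh random salt.
function hashPassword(password) {
  const salt = crypto.randomBytes(SALT_BYTES);
  const hash = crypto.scryptSync(password, salt, KEY_BYTES);
  return { salt: salt.toString('hex'), hash: hash.toString('hex') };
}

// Login: recompute with the stored salt and compare in constant time.
function verifyPassword(password, record) {
  const expected = Buffer.from(record.hash, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(record.salt, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// What the form in the question would send: an unsalted SHA-512 hex digest.
function sha512Hex(text) {
  return crypto.createHash('sha512').update(text, 'utf8').digest('hex');
}

// Constructed sample data: two users who chose the same password.
function demo() {
  const password = 'correct horse battery staple';
  const alice = hashPassword(password);
  const bob = hashPassword(password);
  return {
    unsaltedDigestsMatch: sha512Hex(password) === sha512Hex(password), // same digest for every user
    saltedHashesMatch: alice.hash === bob.hash,                        // differs per user
    goodLogin: verifyPassword(password, alice),
    badLogin: verifyPassword('wrong guess', alice),
  };
}

console.log(demo());
```

The unsalted digest is identical for every user with the same password, which is what makes precomputed tables effective; the salted records differ per user and the server still verifies each login.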
Answer 2:
I propose that you use the public jsSHA software and put your JS outside:
<script src="https://cdnjs.cloudflare.com/ajax/libs/jsSHA/2.0.2/sha.js"></script>
<script>
// Replace the typed password with its SHA-512 hex digest just before the form submits.
function mySubmit(obj) {
  var pwdObj = document.getElementById('pwd');
  var hashObj = new jsSHA("SHA-512", "TEXT", {numRounds: 1});
  hashObj.update(pwdObj.value);
  var hash = hashObj.getHash("HEX");
  pwdObj.value = hash;
}
</script>
<form>
  <input type="password" id="pwd" name="password" />
  <input onclick="mySubmit(this)" type="submit">
</form>
Answer 3:
document.getElementById('pwd').value(sha512(val));
You meant value = sha512(val).
This would have given you an exception with some helpful error message (e.g. value is not a function), so keep the JS console open so you can see the errors.
Note that client-side password hashing is usually an antipattern, and certainly not a workable substitute for proper SSL.
Answer 4:
I don't think that it is a good idea to hash the password on the client side. But you can use CryptoJS:
https://code.google.com/p/crypto-js/
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/sha512.js"></script>
<script>
var hash = CryptoJS.SHA512("Message");
</script>
Source: https://stackoverflow.com/questions/34952392/simple-way-to-hash-password-client-side-right-before-submitting-form