Hashing a Password
In this lesson, we'll hash the password before sending it to the API.
We'll cover the following
The API we’re using requires that we hash the password. But what exactly does that mean? Storing a password in plain text is considered bad practice. If a hacker can access the database, they’ll be able to view every user’s password.
In case a database is hacked, one way to secure passwords is by hashing them. Hashing is the process of converting a value into another. It makes a value challenging to recognize.
Hashing is a complex process that we won’t dive into too much. There are hundreds of algorithms available for hashing values. Which algorithm you use is up to you. Let’s look at an example of the SHA256 hash. It’s a reasonably popular hash.
Check out this site: https://xorbin.com/tools/sha256-hash-calculator.
It’s a tool for hashing text. Try to hash any value you’d like. The result will be some unreadable gibberish. However, that’s the point. A hacker would have to figure out the original value AND the hash used.
The Enzoic API expects a password that has been hashed. This way, we don’t need to send the user’s actual password over the request. The API supports md5, SHA1, and SHA256 hashes. We’ll be using SHA256 because of its popularity and security.
Installing Crypto JS
There’s a library, called Crypto JS, that comes bundled with functions that will perform various hashes, including the SHA256 hash. It’s called Crypto JS. We’ll use it to hash the password that we’ll send to the API.
In the command line, run the following command to install the library:
npm install crypto-js
Hashing the password
Let’s hash the password. We’ll update the enzoic.service.ts
file to the following:
Get hands-on with 1400+ tech skills courses.