Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Could you use browserify to require node-bcrypt client-side and then send the hash to the server?
Does this just sound really awesome or could it actually provide more security then passing plaintext to the server over SSL? What if we are passing the plaintext via websockets?
Thanks!
node-bcrypt depends on native OpenSSL support. In its current configuration, it won’t work in the browser. According to this question, there are no pure javascript implementations of bcrypt, but blowfish, a similar algorithm, does have pure javascript implementations.
For question 2, stick with the standard of TLS (via HTTPS) for your end-to-end encryption. Chances that your functional requirements require something custom are pretty slim.