NodeJs安全性-从数据库读取散列的sha256密码
[英]NodeJs Security - Read hashed sha256 password from DB
问题描述
I know how to "safely" store a password in the database in NodeJs and use it as a user login for example. 
我知道如何在NodeJs的数据库中“安全”存储密码,并将其用作用户登录名。 But know I have a different question, where I'm not sure what might be best practice. 但是知道我有一个不同的问题,我不确定哪里可能是最佳实践。
I am using amazon product api, so I have to provide different aws Id's. 我正在使用亚马逊产品API,因此我必须提供不同的AWS ID。 So I thought, storing them as a plain text might not be that sure, so I hashed them. 因此,我认为将它们存储为纯文本格式可能不确定,因此我对它们进行了哈希处理。
But when sending my request to the amazon Api via the code snipped below, I somehow have to safely restore the "correct key", because the hashed one will not be accepted then. 但是,当通过下面的代码将请求发送到亚马逊Api时,我必须以某种方式安全地恢复“正确的密钥”,因为那时散列的密钥将不被接受。
var opHelper = new OperationHelper({
awsId: 'XXXXX',
awsSecret: 'XXXXX',
assocId: 'XXXX'
});
Is there some opposite way of 是否有一些相反的方式
crypto.createHash('sha256').update(awsId).digest('base64')
So to make my it more clear, how to restore a hashed key from my database so that I can use it in the amazon request again? 为了使我更清楚,如何从数据库中还原哈希键,以便可以再次在Amazon请求中使用它?
Or am I getting things totally wrong and I do not have to store them hashed in my database? 还是我把事情完全弄错了,而不必将它们散列存储在数据库中?
Thank you for letting me know 谢谢你让我知道
1 个解决方案
解决方案1
1 已采纳 2014-03-24 07:23:25
There is no way to reverse a hash without brute force. 没有蛮力就无法扭转哈希。
This is the point of a hash. 这就是哈希的重点。
Sorry 抱歉
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.