How do I generate hash and salt in java and nodejs with the same database

Question

we are using one db(mongo) for our mobile(nodejs) and desktop(java) application.

The problem is, we want to use a different login/signup rest services for both app. Right now, our signup module is implemented only in java(encryption). We create a salt using SecureRandom library of java, put in in the db then use it to generate the password hash. Then when the user logs in, we just get the user's salt(assuming it exist) and then generate again a hash password using the salt from the db then compare the generated hash password in the database.

The problem is in nodejs, I can't find any modules/libraries that will generate an exact salt like the one generated in java.

I need to hash the unencrypted password in nodejs then compare it to the hashed password in the db that was generated in java.

How do I approach this problem? Any help would be much appreciated. Thanks.

Answer 1

There is no need to create exact the same salt because a salt is only created once and then stored somewhere. All others have to use this salt. So if node.js has a different salt creation (ie Math.random() ) that is ok, because

• you create the salt normally only on one side of the river
• if you create it on both sides the other one has to use it anyway

What you need is the same hashing mechanism ! This should be easy, because there are plenty implementations of various hashing algorythms in Java and node.js that are compatible to each other (ie md5 or sha3).

Answer 2

The problem is in nodejs, I can't find any modules/libraries that will generate an exact salt like the one generated in java.

If you would find a way to generate two exactly same salts in different times then it would beat the purpose of salting because best salts are as random as possible. What you need to do is fetch the salt from the database where Java strored it and use the fetched salt to perform hashing.