
How to encrypt a password on the client (AngularJS), send it to the server (expressJS) and decrypt it on the server?

I want to encrypt a password on the client (angular.js), send it to the server (express.js) and decrypt it on the server. I would like a simple method. I use $http to POST requests. I know that the angular-bcrypt library exists, and the same in nodeJS, but it is not worth it for me, because it only has the compare method.

I want something like that:

var password = document.getElementById('txtPassword').value;
var xorKey = 129; /// you can have other numeric values also.
var result = "";
for (var i = 0; i < password.length; ++i) {
    result += String.fromCharCode(xorKey ^ password.charCodeAt(i));
}

But I only found the method for decrypting in C#:

public bool Authenticate(string userName, string password)
    {
        byte result = 0;

        StringBuilder inSb = new StringBuilder(password);
        StringBuilder outSb = new StringBuilder(password.Length);
        char c;
        for (int i = 0; i < password.Length; i++)
        {
            c = inSb[i];
            c = (char)(c ^ 129); /// remember to use the same XORkey value you used in javascript
            outSb.Append(c);
        }
        password = outSb.ToString();

       // your rest of code
    } 

Any idea? Thank you very much. :P

Passwords should never be decrypted. They should be hashed with one-way encryption. The server should provide a nonce so that the client returns a different but verifiable answer on each login.

All passwords should be hashed, salted and stretched. If it can be decrypted, it is not safe. See Serious Security: How to store your users' passwords safely.

My favorite answer:

You need a library that can encrypt your input on client side and transfer it to the server in encrypted form.

You can use following libs:

  • jCryption. Client-Server asymmetric encryption over Javascript

Update after 3 years:

Update after 4 years (Wohoo!)

Still not convinced? Neither am I :)

— Password encryption at client side

See also:

Is it worth hashing passwords on the client side


UPDATE March 2017: Consider getting a free SSL Certificate with https://letsencrypt.org/about/

The only secure way to securely transmit data between client and server is to secure the connection with SSL. What you're essentially doing is just obfuscation, which can be reversed.

You can use the Stanford Javascript Crypto Library: https://bitwiseshiftleft.github.io/sjcl/. It should work for both Angular and Node.

Beyond that, your best bet is to make sure that you use HTTPS for your connections.
