Are there any SHA-256 javascript implementations that are generally considered trustworthy

Question

I am writing a login for a forum  and need to hash the password client side in javascript before sending it on to the server  I m having trouble figuring out which SHA-256 implementation I can actually trust  I was expecting there to be some kind of authoritative script that everyone used  but I m finding loads of different projects all with their own implementations   I realize using other people s crypto is always a leap of faith unless you re qualified to review it yourself  and that there is no universal definition of  trustworthy   but this seems like something common and important enough that there ought to be some kind of consensus on what to use  Am I just naive   Edit since it comes up a lot in the comments  Yes  we do a more stringent hash again on the server side  The client side hashing is not the final result that we save in the database  The client side hashing is because the human client requests it  They have not given a specific reason why  probably they just like overkill

User · Answer

For those interested  this is code for creating SHA-256 hash using sjcl   import sjcl from  sjcl   const myString    Hello  const myBitArray   sjcl hash sha256 hash myString  const myHash   sjcl codec hex fromBits myBitArray

User · Answer

No  there s no way to use browser JavaScript to improve password security  I highly recommend you read this article  In your case  the biggest problem is the chicken-egg problem   What s the  quot chicken-egg problem quot  with delivering Javascript cryptography  If you don t trust the network to deliver a password  or  worse  don t trust the server not to keep user secrets  you can t trust them to deliver security code  The same attacker who was sniffing passwords or reading diaries before you introduce crypto is simply hijacking crypto code after you do          Why can t I use TLS SSL to deliver the Javascript crypto code  You can  It s harder than it sounds  but you safely transmit Javascript crypto to a browser using SSL  The problem is  having established a secure channel with SSL  you no longer need Javascript cryptography  you have  quot real quot  cryptography   Which leads to this   The problem with running crypto code in Javascript is that practically any function that the crypto depends on could be overridden silently by any piece of content used to build the hosting page  Crypto security could be undone early in the process  by generating bogus random numbers  or by tampering with constants and parameters used by algorithms   or later  by spiriting key material back to an attacker   or --- in the most likely scenario --- by bypassing the crypto entirely  There is no reliable way for any piece of Javascript code to verify its execution environment  Javascript crypto code can t ask   quot am I really dealing with a random number generator  or with some facsimile of one provided by an attacker  quot  And it certainly can t assert  quot nobody is allowed to do anything with this crypto secret except in ways that I  the author  approve of quot   These are two properties that often are provided in other environments that use crypto  and they re impossible in Javascript   Basically the problem is this   Your clients don t trust your servers  so they want to add extra security code  That security code is delivered by your servers  the ones they don t trust    Or alternatively   Your clients don t trust SSL  so they want you use extra security code  That security code is delivered via SSL   Note  Also  SHA-256 isn t suitable for this  since it s so easy to brute force unsalted non-iterated passwords  If you decide to do this anyway  look for an implementation of bcrypt  scrypt or PBKDF2

User · Answer

Besides the Stanford lib that tylerl mentioned  I found jsrsasign very useful  Github repo here https   github com kjur jsrsasign   I don t know how exactly trustworthy it is  but i ve used its API of SHA256  Base64  RSA  x509 etc  and it works pretty well  In fact  it includes the Stanford lib as well   If all you want to do is SHA256  jsrsasign might be a overkill  But if you have other needs in the related area  I feel it s a good fit

User · Answer

I found this implementation very easy to use  Also has a generous BSD-style license   jsSHA  https   github com Caligatio jsSHA  I needed a quick way to get the hex-string representation of a SHA-256 hash  It only took 3 lines   var sha256   new jsSHA  SHA-256    TEXT    sha256 update some string variable to hash   var hash   sha256 getHash  HEX

User · Answer

Forge s SHA-256 implementation is fast and reliable   To run tests on several SHA-256 JavaScript implementations  go to http   brillout github io test-javascript-hash-implementations    The results on my machine suggests forge to be the fastest implementation and also considerably faster than the Stanford Javascript Crypto Library  sjcl  mentioned in the accepted answer   Forge is 256 KB big  but extracting the SHA-256 related code reduces the size to 4 5 KB  see https   github com brillout forge-sha256

User · Answer

On https   developer mozilla org en-US docs Web API SubtleCrypto digest I found this snippet that uses internal js module  async function sha256 message           encode as UTF-8     const msgBuffer   new TextEncoder   encode message                               hash the message     const hashBuffer   await crypto subtle digest  SHA-256   msgBuffer           convert ArrayBuffer to Array     const hashArray   Array from new Uint8Array hashBuffer            convert bytes to hex string                       const hashHex   hashArray map b   gt    00    b toString 16   slice -2   join          return hashHex     Note that crypto subtle in only available on https or localhost - for example for your local development with python3 -m http server you need to add this line to your  etc hosts  0 0 0 0 localhost Reboot - and you can open localhost 8000 with working crypto subtle

User · Answer

OUTDATED  Many modern browsers now have first-class support for crypto operations  See Vitaly Zdanevich s answer below   The Stanford JS Crypto Library contains an implementation of SHA-256  While crypto in JS isn t really as well-vetted an endeavor as other implementation platforms  this one is at least partially developed by  and to a certain extent sponsored by  Dan Boneh  who is a well-established and trusted name in cryptography  and means that the project has some oversight by someone who actually knows what he s doing  The project is also supported by the NSF  It s worth pointing out  however        that if you hash the password client-side before submitting it  then the hash is the password  and the original password becomes irrelevant  An attacker needs only to intercept the hash in order to impersonate the user  and if that hash is stored unmodified on the server  then the server is storing the true password  the hash  in plain-text  So your security is now worse because you decided add your own improvements to what was previously a trusted scheme

[hash] Are there any SHA-256 javascript implementations that are generally considered trustworthy?

Examples related to hash

Examples related to javascript

Examples related to sha256

Examples related to sha2