In this digital era, security and data privacy is a top concern for developers. We should not let our user’s data be stolen by irresponsible people. 3 common cryptography techniques are used to secure your data as developers. Those techniques are:

- Hash
- Symmetric Encryption
- Asymmetric Encryption

In this article, we will look at specifically hash. Let’s see the implementation in NodeJS.

## NodeJS Library for Hash Cryptography And Its Algorithm

To create a hash, we can use a built-in nodejs library that is `crypto`

. you just have to import them like this:

```
let crypto = require("crypto")
```

This library supports many kinds of hash algorithms. To get all of the supported algorithms, you can use this method:

let crypto = require("crypto") console.log(crypto.getHashes()) // ['RSA-MD5','RSA-RIPEMD160','RSA-SHA1','RSA-SHA1-2','RSA-SHA224', // 'RSA-SHA256','RSA-SHA3-224','RSA-SHA3-256','RSA-SHA3-384', // 'RSA-SHA3-512','RSA-SHA384','RSA-SHA512','RSA-SHA512/224', // 'RSA-SHA512/256','RSA-SM3','blake2b512','blake2s256', // 'id-rsassa-pkcs1-v1_5-with-sha3-224','id-rsassa-pkcs1-v1_5-with-sha3-256', // 'id-rsassa-pkcs1-v1_5-with-sha3-384','id-rsassa-pkcs1-v1_5-with-sha3-512', // 'md5','md5-sha1','md5WithRSAEncryption','ripemd','ripemd160', // 'ripemd160WithRSA','rmd160','sha1','sha1WithRSAEncryption','sha224', // 'sha224WithRSAEncryption', 'sha256','sha256WithRSAEncryption','sha3-224', // 'sha3-256','sha3-384','sha3-512','sha384','sha384WithRSAEncryption', // 'sha512','sha512-224','sha512-224WithRSAEncryption', // 'sha512-256','sha512-256WithRSAEncryption','sha512WithRSAEncryption', // 'shake128','shake256','sm3','sm3WithRSAEncryption','ssl3-md5', // 'ssl3-sha1']

As you can see we can use many algorithms, 2 of them are `sha256`

and `sha512`

which is the most popular one.

## Basic Hash Cryptography in NodeJS

The first method in `crypto`

library that is used to hash is `createHash()`

. This method provides a basic hashing functionality in nodejs. You will probably not use this method in real-world applications because it is just not as safe as the other method. To use this method, you can look at this code piece:

```
let crypto = require("crypto")
let hash = (text) => {
let hash = crypto.createHash("sha256")
hash.update(text)
return hash.digest("hex")
}
let compare = (text, hashedText) = {
let hashed = hash(text)
return (hashed === hashedText) ? true : false
}
module.exports = {
hash,
compare
}
```

## Notes!

Don’t use this method for hashing passwords, it is not safe!

In this example, we use `SHA256`

algorithm, alternatively, you can use `SHA512`

to create a stronger hash.

## HMAC Cryptography in NodeJS

HMAC is a Hash-based Message Authentication Code. It is a cryptographic authentication technique that uses a hash function and a secret key.

The most popular HMAC techniques are HMAC-SHA256 and HMAC-SHA512.

To create a hmac, you can use `createHmac()`

method. This method is usually combined with encryption cryptography such as AES to create a message authentication code. We will try to create an HMAC-SHA256 as an example of how to use this method:

```
let crypto = require("crypto")
let hash = (text) => {
let hmac = crypto.createHmac("sha256", "mysupersecret")
hmac.update(text)
return hmac.digest("hex")
}
let compare = (text, hashedText) => {
let hashed = hash(text)
return (hashed === hashedText) ? true : false
}
module.exports = {
hash,
compare
}
```

You can see that it uses a secret `mysupersecret`

to hash the text. To create SHA512, you just have to change the hash algorithm from `sha256`

to `sha512`

on the code snippet above.

## Notes!

Don’t use this method for hashing passwords, it is not safe!

## PBKDF2 Cryptography in NodeJS

PBKDF2 is Password-Based Key Derivation Function (version) 2. It is a hash technique that is used specifically for generating passwords because it is deliberately slow to compute by using many iteration processes.

The most popular PBKDF2 techniques are PBKDF2-HMAC-256 and PBKDF2-HMAC-512.

We will try to create a PBKDF2-HMAC-SHA256 as an example of how to use this method:

```
let crypto = require("crypto)
let hash = (salt, text) => {
let algorithm = "sha256"
let iteration = algorithm === "sha512" ? 210000 : 600000
return new Promise((resolve, reject) => {
pbkdf2(text, salt, iteration, 64, algorithm, (err, derivedKey) => {
if (err) return reject(err)
return resolve(salt + "." + derivedKey.toString("hex"))
})
})
}
let compare = async (text, hashedText) => {
let salt = hashedText.split(".")[0]
let hashed = await hash(salt, text)
return (hashed === hashedText) ? true : false
}
module.exports = {
hash,
compare
}
```

Before calling the hash function, you can generate the `randomSalt`

value just like this

```
let randomSalt = crypto.randomBytes(16).toString("hex")
```

Also, notice that we return the `randomSalt`

together with the `derivedKey`

in this hash function example. It is common practice that we use a unique salt every time we create a new password and embed it together with the password to make the password unpredictable.

When comparing the `text`

and `hashedText`

, first we must extract the `salt`

and then generate the `hash`

with the extracted `salt`

value.

## Scrypt Cryptography in NodeJS

Scrypt is the same as pbkdf2, a password-based key derivation function. Besides being deliberately slow, it is designed to require a large (and adjustable) amount of memory to compute. The purpose of this is to make it harder to crack parallelly using devices like GPGPUs or custom ASIC / FPGA hardware.

To use this method, you can look at this code piece:

```
let crypto = require("crypto)
let hash = (salt, text) => {
return new Promise((resolve, reject) => {
pbkdf2(text, randomSalt, 64, (err, derivedKey) => {
if (err) return reject(err)
return resolve(randomSalt + "." + derivedKey.toString("hex"))
})
})
}
let compare = async (text, hashedText) => {
let salt = hashedText.split(".")[0]
let hashed = await hash(salt, text)
return (hashed === hashedText) ? true : false
}
module.exports = {
hash,
compare
}
```

Same as PBKDF2, Before calling the hash function, you can generate the `randomSalt`

value just like this

```
let randomSalt = crypto.randomBytes(16).toString("hex")
```

Notice that we also return the `randomSalt`

together with the `derivedKey`

to make the password unpredictable.

That’s it. Those are the 4 types of hash that we can use in NodeJS using the crypto library.