problem SPEED: hashing can't be too slow (for big files) or too fast (rainbow(*) tables)
solution: HonestHash has an optional speed parameter and can be set between 4ms ~ 22000ms
problem LENGTH: hash can't be too long (shorter hash means faster and cheaper databases)
solution: HonestHash is only 40 characters long and still without any collisions
problem SALTING: can't be hashed without a salt (rainbow tables have 43(*) billion results)
solution: HonestHash has a mandatory salt and an optional number of hashing
problem UNIVERSALITY: you must be able to reuse the same library on cliend and server
solution: HonestHash has just one implementation for Node.js and client JS
problem COLLISIONS: many hashes have already known collisions (MD5, SHA0, SHA1..)
solution: HonestHash uses internally SHA3-512 and RIPEMD-160 (not known collisions)
Installation on server within package.json
> npm install honesthash
> node require("./Honesthash.js")
Short usage with salt and speed options
var options = { salt : "744bdf813e57252146", speed : 15000 };
var result = require("./Honesthash.js")(options).hex("123");
console.log(result);
> e457227529744e2146bdf813e57259f256fd7cdc
Standard usage with more instances of the hash
var hashModule = require("./Honesthash.js");
var develHash = hashModule({ speed: 1, salt: "1f5a5ab970a1945c91394", logs: true });
var testHash = hashModule({ speed: 10000, salt: "159139413f5a5970a", logs: true });
var prodHash = hashModule({ speed: 10000, salt: "d73ce9fc1776ad4f", logs: false });
console.log( develHash.hex("123"), testHash.hex("123"), prodHash.hex("123") );
Shortest usage without options
console.log( require("./Honesthash.js")().hex("string") );
> 1176e5c9188f73a5203656949848c19680ecc062
{
(mandatory) salt: "1234567890", // your custom hash, can be any string
(optional) loop: 1, // can be between 1 and 1000000
(optional) logs: false // logs everything to console (speed, hash, string)
}
Hashing
Honest Hash puts raw string to SHA512 with given salt. SHA3-512 is used because its the best implementation of famous SHA serie and result is unique, without any collisions and strong. Problem is that is too long. This SHA3 result is given to hashing function RIPE160 and it result is provided back.
uniqButLong = SHA3-512("your string" + salt);
shortAndUniq = RIPE160(uniqButLong + salt);
Speed
Speed is inspired by Niels Provos(*) and David Mazières and theirs bcrypt. Optional speed besides
incorporating a salt protects against rainbow table attacks. Hashing iterates within a loop that is set by
optional parameter speed
. Iteration makes hashing slower, so it remains resistant to brute-force search
attacks even with increasing computer power.
Honest Hash is tested not just for English characters, but also for the Cyrillic script (1), numbers (2), special characters (3), Eastern European characters (4) and many others..
1: `бвгдеёжзийклмнопрстуфхцчшщъыьэюя`
2: `1234567890`
3: `!@#$%^&*()_-+={[}]:;"'|\?/>.<,œ∑´†¥¨ˆπ¬˚∆˙ƒ∂ßåΩ≈ç√∫˜Ω`
4: `ąàáäâãåæăăâćęèéëêìíïîîłńòóöôõøśșşțţùúüûñçżźа`
5: `zxcvbnmlkjhgfdsaqwertyuiop`
For a full benchmark see file docs/bechmark.md
, that contains results of our benchmark. We used iMac 2011
with OSX Yosimite and Node.js v10.17. Computer had installed 4GB RAM.
- Free for all projects (commercial and non-commercial)
- MIT licenced
- For security reasons - use please only the original repository