Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A fast and independent hashing library pure JavaScript implemented (ES3 compliant) for both server and client side (MD5, SHA1, SHA256, SHA512, RIPEMD, HMAC and Base64)
jshashes
is lightweight library implementing the most extended cryptographic hash function algorithms in pure JavaScript (ES5 compliant).
The goal is to provide an dependency-free, fast and reliable solution for hash algorithms for both client-side and server-side JavaScript environments. The code is fully compatible with the ECMAScript 5 specification and is used in production in browsers and node.js/io.js
If you are looking for a low-level performance library for the server-side, note that node.js/io.js provides its own native module: crypto
MD5
(http://www.ietf.org/rfc/rfc1321.txt)SHA1
(http://www.itl.nist.gov/fipspubs/fip180-1.htm)SHA256
(http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf)SHA512
(http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf)HMAC
(http://www.ietf.org/rfc/rfc2104.txt)RIPEMD-160
(http://homes.esat.kuleuven.be/~bosselae/ripemd160.html)Aditional functionalities
Base64 encoding/decoding
(http://tools.ietf.org/html/rfc3548)CRC-32 calculation
UTF-8 encoding/decoding
Each algorithm has its respective own instantiable object
. Here you can see an example of how to create a new instance for each one:
// new MD5 instance
var MD5 = new Hashes.MD5
// new SHA1 instance
var SHA1 = new Hashes.SHA1
// new SHA256 instance
var SHA256 = new Hashes.SHA256
// new SHA512 instace
var SHA512 = new Hashes.SHA512
// new RIPEMD-160 instace
var RMD160 = new Hashes.RMD160
An example of how to generate an hexadecimal-based hash encoding for each algorithm:
// sample string
var str = 'Sample text!'
// output to console
console.log('MD5: ' + MD5.hex(str))
console.log('SHA1: ' + SHA1.hex(str))
console.log('SHA256: ' + SHA256.hex(str))
console.log('SHA512: ' + SHA512.hex(str))
console.log('RIPEMD-160: ' + RMD160.hex(str))
This is a simple implementation for a client-side environment:
<html>
<head>
<script type="text/javascript" src="src/hashes.js"></script>
<script type="text/javascript">
// sample string
var str = 'This is a sample text!'
// new MD5 instance and hexadecimal string encoding
var MD5 = new Hashes.MD5().hex(str)
// output into DOM
document.write('<p>MD5: <b>' + MD5 + '</b></p>')
</script>
</head>
<body>
</body>
</html>
// require the module
var Hashes = require('jshashes')
// sample string
var str = 'This is a sample text!'
// new SHA1 instance and base64 string encoding
var SHA1 = new Hashes.SHA1().b64(str)
// output to console
console.log('SHA1: ' + SHA1)
You can use the simple command-line interface to generate hashes.
$ hashes sha1-hex This is a sample string
> b6a8501d8a70e74e1dc12a6082102622fdc719bb
# or with quotes
$ hashes sha1-hex "This is a sample string"
> b6a8501d8a70e74e1dc12a6082102622fdc719bb
For more information about the options supported, type:
$ hashes -h
Via npm
$ npm install jshashes
Via Bower:
$ bower install jshashes
Via Component:
$ component install h2non/jshashes
Or loading the script directly:
http://cdn.rawgit.com/h2non/jsHashes/master/hashes.js
Each algorithm class
provides the following public methods:
hex(string)
- Hexadecimal hash encoding from string.b64(string)
- Base64 hash encondig from string.any(string,encoding)
- Custom hash algorithm values encoding.hex_hmac(key,string)
- Hexadecimal hash with HMAC salt key.b64_hmac(key,string)
- Base64 hash with HMAC salt key.any_hmac(key,string,encoding)
- Custom hash values encoding with HMAC salt key support.vm_test()
- Simple self-test to see is working. Returns this
Object.setUpperCase(boolean)
- Enable/disable uppercase hexadecimal returned string. Returns this
Object.setPad(string)
- Defines a custom base64 pad string. Default is '=' according with the RFC standard. Returns this
Object.setUTF8(boolean)
- Enable/disable UTF-8 character encoding. Returns this
Object.any()
methodNode.js 0.6.18 running on a VPS Intel I7 930 with 512 MB of RAM (see server/benchmark.js
)
Simple benchmark test generating 10000 hashes for each algorithm.
String: "A0gTtNtKh3RaduBfIo59ZdfTc5pTdOQrkxdZ5EeVOIZh1cXxqPyexKZBg6VlE1KzIz6pd6r1LLIpT5B8THRfcGvbJElwhWBi9ZAE"
* MD5
** Done in: 205 miliseconds
* SHA1
** Done in: 277 miliseconds
* SHA256
** Done in: 525 miliseconds
* SHA512
** Done in: 593 miliseconds
* RMD160
** Done in: 383 miliseconds
See client/benchmark.html
for client-side.
jsHashes
in other server-side JS environment.1.0.7
1.0.6
pad
typo.1.0.4
1.0.3
1.0.2
1.0.1
0.1.5b
0.1.4b
0.1.3b
Helpers
Object with some global functionsclass
0.1.2b
0.1.1b
0.1.0b
jsHashes is released under New BSD
license. See LICENSE
file.
Feel free to report any issue you experiment via Github https://github.com/h2non/jsHashes/issues.
FAQs
A fast and independent hashing library pure JavaScript implemented (ES3 compliant) for both server and client side (MD5, SHA1, SHA256, SHA512, RIPEMD, HMAC and Base64)
We found that jshashes demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.