0

I want to encrypt my password using sha256 on jsp page itself using javascript to protect various security attacks and send this encrypted password to spring controller. But I am not able to get hashed string generated. This is my javascript code. First alert is coming but not the second one. Do i need to include any jar or js for sha256 to work?

document.getElementById('loginButton').onclick = function() {
        var txt_string = document.getElementById('loginPassword').value; // gets data from input text
        alert('normal  password is' + txt_string);
        // encrypts data and adds it in #strcrypt element
        var hashedpassword = SHA256(txt_string);
        alert('hashed password is' + hashedpassword);
        return false;
    }
Java Developers
  • 119
  • 11
  • Do you get an error on console? Where is SHA256 defined? – doldt Jun 23 '16 at 15:12
  • Worth a read - http://stackoverflow.com/questions/18338890/are-there-any-sha-256-javascript-implementations-that-are-generally-considered-t – James Jithin Jun 23 '16 at 15:13
  • Do not hash passwords on the web client, that is neither secure nor a best practice, hash them on the server. Iterate over an HMAC with a random salt for about a 100ms duration (the salt needs to be saved with the hash). Use functions such as password_hash,PBKDF2, Bcrypt and similar functions. The point is to make the attacker spend a lot of time finding passwords by brute force. See OWASP (Open Web Application Security Project) [Password Storage Cheat Sheet](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#Leverage_an_adaptive_one-way_function). – zaph Jun 23 '16 at 15:14
  • SHA-256 or any hash method is not encryption. – zaph Jun 23 '16 at 20:24

1 Answers1

0

SHA256 is not included by default by javascript you need to use a library, quick google search give this page http://www.movable-type.co.uk/scripts/sha256.html you can also take a look at this question Are there any SHA-256 javascript implementations that are generally considered trustworthy?

Community
  • 1
  • 1
jcubic
  • 61,973
  • 54
  • 229
  • 402