Unahashisha vipi nywila na kutumia crypto module?

Question

Accepted Answer

Module ya **`crypto`** iliyojengwa ndani ya Node hutoa funguo za kicryptographia: hashing, encryption, thamani za nasibu, na HMAC. Matumizi muhimu zaidi ya kivitendo — **hashing ya nywila** — ina kanuni muhimu: kamwe usitumie hashes za haraka, za matumizi ya jumla (MD5/SHA-256) kwa nywila.

## Hashing ya nywila: tumia algoritimu YA POLEPOLE, yenye salt

```js
import { scrypt, randomBytes, timingSafeEqual } from "crypto";
import { promisify } from "util";
const scryptAsync = promisify(scrypt);

// HASH a password (on signup)
async function hashPassword(password) {
  const salt = randomBytes(16).toString("hex");          // unique random salt per user
  const derived = await scryptAsync(password, salt, 64); // slow, salted derivation
  return `${salt}:${derived.toString("hex")}`;            // store salt + hash together
}

// VERIFY a password (on login)
async function verify(password, stored) {
  const [salt, hash] = stored.split(":");
  const derived = await scryptAsync(password, salt, 64);
  const hashBuf = Buffer.from(hash, "hex");
  return timingSafeEqual(hashBuf, derived); // constant-time compare (avoid timing attacks)
}
```

Vidokezo muhimu: **`scrypt`** (au bcrypt/argon2) ni *ya polepole kimakusudi* ili kupinga brute-force; **salt ya kipekee kwa kila nywila** hushinda rainbow tables; na **`timingSafeEqual`** hulinganisha hashes kwa muda thabiti ili kuzuia timing attacks.

## Kwa nini USITUMIE MD5/SHA-256 kwa nywila

```js
// ❌ NEVER do this — SHA/MD5 are FAST, so attackers can guess billions/sec
crypto.createHash("sha256").update(password).digest("hex");
```

Hashes za haraka ni sawa kwa file checksums lakini ni janga kwa nywila — kasi yao ndiyo hasa inayozifanya kuwa rahisi kuvunjwa kwa brute-force. (Kwa vitendo, maktaba kama **bcrypt** au **argon2** hupendelewa zaidi kuliko scrypt mbichi kwa urahisi wa matumizi.)

## Matumizi mengine ya crypto

```js
import crypto from "crypto";

crypto.randomBytes(32).toString("hex");        // secure random tokens (session ids, CSRF)
crypto.randomUUID();                            // a secure UUID v4

// HMAC — verify integrity/authenticity (e.g. webhook signatures)
crypto.createHmac("sha256", secret).update(payload).digest("hex");

// hashing for NON-secret integrity (file checksums) — SHA is fine here
crypto.createHash("sha256").update(fileBuffer).digest("hex");
```

## Kwa nini ni muhimu

Kufanya uhifadhi wa nywila kwa usahihi ni jukumu muhimu la usalama, na ni kosa la kawaida na hatari kutumia hashes za haraka au kuruka salting.

Module ya `crypto` (au bcrypt/argon2 za kiwango cha juu) hutoa primitives sahihi: hashing ya polepole yenye salt kwa nywila, ulinganishaji wa muda thabiti, uzalishaji wa nasibu salama kwa tokens, na HMAC kwa kuthibitisha uadilifu (kama webhook signatures).

Kuelewa *kwa nini* nywila zinahitaji ushughulikiaji wa polepole, wenye salt, na muda thabiti — na kwamba hashes za haraka ni za checksums zisizo siri tu — ni jambo la lazima kwa kujenga authentication isiyowaweka watumiaji kwenye hatari ya wizi wa credentials.