Are there any SHA-256 javascript implementations that are generally considered trustworthy?

hash javascript sha256 sha2
jono picture jono · Aug 19, 2013 · Viewed 159k times · Source

I am writing a login for a forum, and need to hash the password client side in javascript before sending it on to the server. I'm having trouble figuring out which SHA-256 implementation I can actually trust. I was expecting there to be some kind of authoritative script that everyone used, but I'm finding loads of different projects all with their own implementations.

I realize using other people's crypto is always a leap of faith unless you're qualified to review it yourself, and that there is no universal definition of "trustworthy", but this seems like something common and important enough that there ought to be some kind of consensus on what to use. Am I just naive?

Edit since it comes up a lot in the comments: Yes, we do a more stringent hash again on the server side. The client side hashing is not the final result that we save in the database. The client side hashing is because the human client requests it. They have not given a specific reason why, probably they just like overkill.

Answer

tylerl picture tylerl · Aug 20, 2013

OUTDATED: Many modern browsers now have first-class support for crypto operations. See Vitaly Zdanevich's answer below.

The Stanford JS Crypto Library contains an implementation of SHA-256. While crypto in JS isn't really as well-vetted an endeavor as other implementation platforms, this one is at least partially developed by, and to a certain extent sponsored by, Dan Boneh, who is a well-established and trusted name in cryptography, and means that the project has some oversight by someone who actually knows what he's doing. The project is also supported by the NSF.

It's worth pointing out, however...
... that if you hash the password client-side before submitting it, then the hash is the password, and the original password becomes irrelevant. An attacker needs only to intercept the hash in order to impersonate the user, and if that hash is stored unmodified on the server, then the server is storing the true password (the hash) in plain-text.

So your security is now worse because you decided add your own improvements to what was previously a trusted scheme.

Related questions

Generate a Hash from string in Javascript

I need to convert strings to some form of hash. Is this possible in JavaScript? I'm not utilizing a server-side language so I can't do it that way.

Read More
How to generate an MD5 file hash in JavaScript?

How to write functionToGenerateMD5hash for this code? I already have fileVideo and I need to send the corresponding md5 hash to the server by clicking on the button. $("#someButton").click(function() { var fr = new FileReader(); fr.onload = function(e) { …

Read More
How is a JavaScript hash map implemented?

I currently work with OpenLayers and have a huge set of data to draw into a vector layer (greater than 100000 vectors). I'm now trying to put all these vectors into a JavaScript hash map to analyze the performance. I want …

Read More