Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Essential Cryptography for JavaScript Developers

You're reading from   Essential Cryptography for JavaScript Developers A practical guide to leveraging common cryptographic operations in Node.js and the browser

Arrow left icon
Product type Paperback
Published in Feb 2022
Publisher Packt
ISBN-13 9781801075336
Length 220 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Alessandro Segala Alessandro Segala
Author Profile Icon Alessandro Segala
Alessandro Segala
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Part 1 – Getting Started
2. Chapter 1: Cryptography for Developers FREE CHAPTER 3. Chapter 2: Dealing with Binary and Random Data 4. Part 2 – Using Common Cryptographic Operations with Node.js
5. Chapter 3: File and Password Hashing with Node.js 6. Chapter 4: Symmetric Encryption in Node.js 7. Chapter 5: Using Asymmetric and Hybrid Encryption in Node.js 8. Chapter 6: Digital Signatures with Node.js and Trust 9. Part 3 – Cryptography in the Browser
10. Chapter 7: Introduction to Cryptography in the Browser 11. Chapter 8: Performing Common Cryptographic Operations in the Browser 12. Other Books You May Enjoy

Key derivation

In all our examples so far, we've generated a new key every time by grabbing a random sequence of bytes from crypto.randomBytes. While a random key always gives the best security, in many situations we need to be able to have a memorable (or at least, human-readable) passphrase to derive the symmetric keys from.

As we mentioned previously, AES requires a 128-, 192-, or 256-bit key, which means 16, 24, or 32 bytes. You might be tempted to grab a string of 16 characters and call it a 128-bit key, such as thisismykey12345… however, that would be a really bad idea. Despite being 128 bits in length, it is only made up of lowercase letters and numbers, so its entropy is significantly lower than 128 bits: in fact, this has only about 60 bits of entropy, which means that it can be cracked relatively quickly with a brute-force attack (see Chapter 3, File and Password Hashing with Node.js, for an explanation on entropy).

However, all is not lost, and we can...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image