Hashing passwords
Effective encryption is a fundamental part of online security. Node provides the crypto
module that can be used to generate our own MD5 or SHA1 hashes for user passwords. Cryptographic hashes such as MD5 and SHA1 are known as message digests. Once the input data has been digested (encrypted), it cannot be put back into its original form (of course, if we know the original password, we can regenerate the hash and compare it to our stored hash).
We can use hashes to encrypt a user's password before we store them. If our stored passwords were ever stolen by an attacker, they cannot be used to log in because the attacker will not have the actual plain text passwords. However, since a hash algorithm always produces the same result, it could be possible for an attacker to crack a hash by matching it against hashes generated from the password dictionary (see the There's more... section for ways to mitigate this).