Encrypting password


#1

Can anyone tell me the process of encrypting a password in AES256? Or are there any tutorials out there?


#2

Whatever you are trying to do, there is a very good chance that you shouldn’t be doing it. Passwords should only ever be hashed and stored server side, not encrypted (and not client side). The only cases where this wouldn’t be true would require expert crypto knowledge.

I know it’s not the answer you are looking for, but you might benefit from reading this: https://www.joshmorony.com/hybrid-app-developers-dont-store-your-users-passwords/


#3

Thank you for replying Josh. First of all, I’ve followed your tutorials and learnt a lot from you, and thank you for making such tutorials that have helped the entire Ionic community. I wish you the best; please keep making them and we’ll keep learning. :slight_smile:
Now coming back to the encryption part: I was trying to achieve that when a user logs in to my app, I want the user id and password to be encrypted using “cryptlib” (https://www.npmjs.com/package/cryptlib) before posting to the server. After that the server will decrypt it and allow sign-in.
But I was unable to do that, as I was unable to understand why the require part shows a red underline. So I thought to hit the forum, and I’m glad that I did.


#4

There’s no need to encrypt before sending it to the server, just make sure that the request is over HTTPS (and make sure that you aren’t storing the password anywhere).


#5

Sure, I’ll keep that in mind.


#6

One thing you can store is a session token. This is provided by your backend after the user credentials check out. That’s how to keep a user logged in. Then you have control over what “stay logged in” really means. Maybe you allow 5 minutes of inactivity (like a lot of banks). Maybe you allow more. Then, for critical acts, like a financial transaction, you can require the user to log in again if the session has lasted for too long.