Cryptography is scary. In this tutorial, we get hands-on with Node.js to learn how common crypto concepts work, like hashing, encryption, signing, and more: https://fireship.io/lessons/node-crypto-examples/
🔗 Resources
Full Tutorial https://fireship.io/lessons/node-crypto-examples/
Source Code https://github.com/fireship-io/node-crypto-examples
Node Crypto https://nodejs.org/api/crypto.html
📚 Chapters
00:00 What is Cryptography
00:52 Brief History of Cryptography
01:41 1. Hash
04:07 2. Salt
05:47 3. HMAC
06:35 4. Symmetric Encryption
08:19 5. Keypairs
09:29 6. Asymmetric Encryption
10:22 7. Signing
11:31 Hacking Challenge
🔖 Topics Covered
– Cryptography for Developers Basics
– Crypto algorithms: SHA, MD5, argon2, scrypt
– How password salt works
– Encryption vs Signing
– Difference between Asymmetric vs Symmetric Encryption
– How hacking works and hacks are prevented
21 Comments
At 2:28 you might have accidentally leaked your password
Actually a disservice that this video doesn't cover MITM attack at all because all of these encryption schemes fail to it. Being able to securely give someone your pubkey is impossible to do online with any assurance, even with Diffie-Hellman.
I am sorry for the amateur in me but it seems like the hacker will know the algorithm used if they just use inspect to see how your JavaScript file encrypts it.
This is great. Good explanation.
I don't really understand the point of salt. Since the value of both salt and hashed password is stored in the database, the hacker can just apply your salt to a list of commonly known passwords until he gets a match. I don't see an improvement over using password without salt.
Could someone explain this: if the salt is stored with the hash, can't an attacker just use the salt to calculate hash?
But how to do these operations in the frontend, e.g. React?
Lol your channel is so fuckin good
It is so hard to understand why I do createCipher and createDecipher in the same function and they work fine together. But if I separate them away to different functions, I cannot decipher it.
While I like this video, missing the concept of deriving a shared secret over a public channel without sending the secret (Diffie-Hellman) is a big miss on basic cryptographic concepts.
First
superhaker
yaye
Cannot show subtitle, man, YouTube rocks
superhacker
No one did win yet?
awesome
3:30 thanks for mentioning argon2 – didn't know about this
5:30 timingSafeEqual to prevent timing attack – wow, I had thoughts about that (timing attack) but didn't know it was a real thing
When you keep the salt along with the encrypted password, the hacker has nothing to do. That's the easiest way to decrypt the password. 05:20
It's an excellent video, but I have a question: Where did you learn all that information? Could you recommend learning resources/materials for complete noobs on this topic?
Super useful
Very helpful to understand basic crypto concepts in a short time.