1

I am using angular 6 and keycloak, I don't want to send password in clear text over the network.

Keycloak supports only pbkdf2_sha256 hashing algoritm, so I need a suggestion on how I can encrypt a password using same hashing algorithm before sending it to keycloak over the network

Improve this question
1
  • 1
    If you're using HTTPS and you're not passing the password in the URL, it's no longer being sent over in plain text. Hashing passwords on the client-side is usually not a good practice. Commented Dec 14, 2018 at 8:27

1 Answer 1

Reset to default
1

You can use any NPM package for hashing password at the client-side, (sha1, sha256), As long as you are not storing the password on the client side as plain text avoid doing this:

npm install sha1
import * as sha1 from 'sha1/sha1';
const encryptedPassword = sha1(userCreds.password);

Instead, you can useJsonWebToken and HTTPS, Hope this helps

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.