Tuesday, June 29, 2010

MD5 in Node.js (and Fab.js)

‹prev | My Chain | next›

A quick link in my chain tonight as I try to get session IDs MD5 encoded in my (fab) game. Fab.js proper does not have any crypto support, so I need to drop down to node.js.

Happily node.js has a well documented crypto module (then again, everything in node.js is well documented). If I have var data="asdf", I can md5 sign it with:
var data = "asdf";
var crypto = require('crypto');
crypto.createHash('md5').update(data).digest("hex");
// '912ec803b2ce49e4a541068d495ab570'
In my (fab) game, I want to set a new, signed session ID if one is not already present:
function player_from_querystring() {
var out = this;
return function(head) {
if (head && head.url && head.url.search) {
var uniq_id;
if (/MYFABID=(\w+)/.test(head.headers.cookie)) {
uniq_id = RegExp.$1;
}
else {
var crypto = require('crypto');
uniq_id = crypto.
createHash('md5').
update("" + (new Date()).getTime()).
digest("hex");
}


// Other player setup...
}
else {
out();
}
};
}
There is no need for salt or SHA-1. This is a kid's game. I am simply taking reasonable steps to ensure uniq session IDs. If my kids can break this, more power to them.

That gives my nice md5 session IDs:



Actually, I have no need for crypto anywhere else, so I can compress that to:

uniq_id = require('crypto').
createHash('md5').
update("" + (new Date()).getTime()).
digest("hex");
That will have to suffice as a good stopping point for tonight. Up tomorrow, possibly some more refactoring under test.

Day #149

2 comments:

  1. Thanks for the md5 hashing code, was trying to get some extra module working until I thought of the crypto module and your example helper.

    Cheers

    ReplyDelete