Closed michielbdejong closed 7 years ago
SHA-256 seems to be a good one-way hash function which satisfies all these conditions. I'm not sure whether it would be better to, for instance, to apply SHA-256 1000 times instead of just once. Since the string that's being hashed is random, we probably don't have to think about things like padding and salt.
it's important though, I think, to state that both the random string and the hash value are represented in base64, but the hash function is applied to the raw bytes (not to the base64 representation).
So far, I've used signing a cleartext with a key type that is supported by WebCrypto.
Finding the cleartext which has a certain hash given a certain strong secure hashing algorithm would probably be another option.
What is a challenge that is: