search

puleos / object-hash

Generate hashes from javascript objects in node and the browser.
MIT License
1.4k stars 146 forks source link

Support for stronger algorithms? #109

Closed sekhavati closed 3 years ago

sekhavati commented 3 years ago

The documentation for this library seems to suggest it supports any of the cryptographic hashes that crypto.getHashes() returns:

  • algorithm hash algo to be used: 'sha1', 'md5', 'passthrough'. default: sha1
  • This supports the algorithms returned by crypto.getHashes(). Note that the default of SHA-1 is not considered secure, and a stronger algorithm should be used if a cryptographical hash is desired.

Hashes available:

crypto.getHashes() // => ["sha1", "sha224", "sha256", "sha384", "sha512", "md5", ... ]

But when I try to use them I get the following error:

var hash = require('object-hash');
hash({foo: 'bar'}, { algorithm: "sha256" }) // => Error: Algorithm "sha256"  not supported. supported values: sha1, md5, passthrough

Should this work or have I misunderstood the documentation quoted above?

addaleax commented 3 years ago

@sekhavati Which environment are you running object-hash in?

sekhavati commented 3 years ago

@addaleax Thanks for the response. I'm normally using Node v14 within AWS Lambda. For the example above whilst testing it was using a vanilla codesandbox.io project.

addaleax commented 3 years ago

Right – if you’re using Node.js, this should work fine. I guess the codesandbox.io environment just reports that it supports hashes which it doesn’t actually support.