tessl/npm-libsodium-wrappers
The Sodium cryptographic library compiled to pure JavaScript providing comprehensive cryptographic operations including encryption, digital signatures, key exchange, password hashing, and random number generation for web browsers and Node.js environments.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Pending
The risk profile of this skill
hashing.mddocs/
Hashing and Key Derivation
Cryptographic hash functions and key derivation functions for data integrity, key management, and secure key generation from master keys.
Capabilities
Generic Hash (BLAKE2b)
Fast, secure hash function suitable for general-purpose hashing with optional keying for MAC operations.
/**
* Computes a BLAKE2b hash of the input
* @param hash_length - Desired hash length in bytes (1-64)
* @param message - The data to hash
* @param key - Optional key for keyed hashing (MAC mode)
* @returns Hash digest of specified length
*/
function crypto_generichash(hash_length, message, key);
/**
* Generates a random key for keyed generic hashing
* @returns 32-byte key for BLAKE2b MAC mode
*/
function crypto_generichash_keygen();
/**
* Initializes streaming hash computation
* @param key - Optional key for keyed hashing
* @param hash_length - Desired final hash length in bytes
* @returns State address for streaming operations
*/
function crypto_generichash_init(key, hash_length);
/**
* Updates streaming hash with a data chunk
* @param state_address - State from crypto_generichash_init
* @param message_chunk - Data to add to the hash
*/
function crypto_generichash_update(state_address, message_chunk);
/**
* Finalizes streaming hash computation
* @param state_address - State from crypto_generichash_init
* @param hash_length - Final hash length in bytes
* @returns Final hash digest
*/
function crypto_generichash_final(state_address, hash_length);
/**
* BLAKE2b with salt and personalization parameters
* @param subkey_len - Length of derived key/hash
* @param key - Optional key material
* @param id - Salt parameter for domain separation
* @param ctx - Personalization parameter
* @returns Derived key or hash
*/
function crypto_generichash_blake2b_salt_personal(subkey_len, key, id, ctx);Usage Example:
// Simple hash
const message = sodium.from_string("Hello, World!");
const hash = sodium.crypto_generichash(32, message);
console.log(sodium.to_hex(hash));
// Keyed hash (MAC)
const key = sodium.crypto_generichash_keygen();
const mac = sodium.crypto_generichash(32, message, key);
// Streaming hash
let state = sodium.crypto_generichash_init(null, 32);
sodium.crypto_generichash_update(state, sodium.from_string("Hello, "));
sodium.crypto_generichash_update(state, sodium.from_string("World!"));
const streamHash = sodium.crypto_generichash_final(state, 32);Standard Hash Functions
/**
* Computes SHA-512 hash
* @param message - The data to hash
* @returns 64-byte SHA-512 hash
*/
function crypto_hash(message);
/**
* Computes SHA-256 hash
* @param message - The data to hash
* @returns 32-byte SHA-256 hash
*/
function crypto_hash_sha256(message);
/**
* Computes SHA-512 hash
* @param message - The data to hash
* @returns 64-byte SHA-512 hash
*/
function crypto_hash_sha512(message);Streaming Standard Hashes
// SHA-256 streaming
function crypto_hash_sha256_init();
function crypto_hash_sha256_update(state_address, message_chunk);
function crypto_hash_sha256_final(state_address);
// SHA-512 streaming
function crypto_hash_sha512_init();
function crypto_hash_sha512_update(state_address, message_chunk);
function crypto_hash_sha512_final(state_address);Key Derivation Function (KDF)
Derive multiple keys from a single master key using BLAKE2b-based KDF.
/**
* Derives a subkey from a master key
* @param subkey_len - Length of derived key in bytes
* @param subkey_id - Subkey identifier (number or BigInt)
* @param ctx - Context string for domain separation (null-terminated)
* @param key - 32-byte master key
* @returns Derived subkey of specified length
*/
function crypto_kdf_derive_from_key(subkey_len, subkey_id, ctx, key);
/**
* Generates a random master key for KDF operations
* @returns 32-byte master key
*/
function crypto_kdf_keygen();KDF Usage Example:
// Generate master key
const masterKey = sodium.crypto_kdf_keygen();
// Derive different keys for different purposes
const encryptionKey = sodium.crypto_kdf_derive_from_key(32, 1, "encryption", masterKey);
const authKey = sodium.crypto_kdf_derive_from_key(32, 2, "authentication", masterKey);
const signingKey = sodium.crypto_kdf_derive_from_key(32, 3, "signing", masterKey);
// Keys are deterministic - same inputs always produce same outputs
const sameKey = sodium.crypto_kdf_derive_from_key(32, 1, "encryption", masterKey);
// encryptionKey equals sameKeyShort Hash Functions
Fast keyed hash functions designed for hash tables, data structures, and checksums. Provides shorter outputs optimized for performance over security.
/**
* Computes a fast keyed short hash using SipHash-2-4
* @param message - The data to hash
* @param key - 16-byte key for the hash function
* @returns 8-byte hash digest
*/
function crypto_shorthash(message, key);
/**
* Generates a random key for short hash functions
* @returns 16-byte key for short hash operations
*/
function crypto_shorthash_keygen();
/**
* Computes a keyed short hash using SipHashX-2-4 variant
* @param message - The data to hash
* @param key - 16-byte key for the hash function
* @returns 16-byte hash digest (longer than standard short hash)
*/
function crypto_shorthash_siphashx24(message, key);Short Hash Usage Example:
// Generate key for consistent hashing
const shortHashKey = sodium.crypto_shorthash_keygen();
// Hash data for hash table or data structure
const data1 = sodium.from_string("user:123");
const data2 = sodium.from_string("user:456");
const hash1 = sodium.crypto_shorthash(data1, shortHashKey);
const hash2 = sodium.crypto_shorthash(data2, shortHashKey);
// Convert to numbers for hash table indexing
const hashNum1 = new DataView(hash1.buffer).getBigUint64(0, true);
const hashNum2 = new DataView(hash2.buffer).getBigUint64(0, true);
// Use SipHashX variant for 16-byte output when more hash bits are needed
const longHash = sodium.crypto_shorthash_siphashx24(data1, shortHashKey);Constants
// Generic Hash (BLAKE2b)
const crypto_generichash_BYTES = 32; // Default hash size
const crypto_generichash_BYTES_MIN = 16; // Minimum hash size
const crypto_generichash_BYTES_MAX = 64; // Maximum hash size
const crypto_generichash_KEYBYTES = 32; // Key size for MAC mode
const crypto_generichash_KEYBYTES_MIN = 16; // Minimum key size
const crypto_generichash_KEYBYTES_MAX = 64; // Maximum key size
// Standard Hashes
const crypto_hash_BYTES = 64; // SHA-512 size
const crypto_hash_sha256_BYTES = 32; // SHA-256 size
const crypto_hash_sha512_BYTES = 64; // SHA-512 size
// Key Derivation
const crypto_kdf_BYTES_MIN = 16; // Minimum derived key size
const crypto_kdf_BYTES_MAX = 64; // Maximum derived key size
const crypto_kdf_KEYBYTES = 32; // Master key size
const crypto_kdf_CONTEXTBYTES = 8; // Context string size
// Short Hash
const crypto_shorthash_BYTES = 8; // Short hash size
const crypto_shorthash_KEYBYTES = 16; // Short hash key size
const crypto_shorthash_siphashx24_BYTES = 16; // SipHashX-2-4 hash size
const crypto_shorthash_siphashx24_KEYBYTES = 16; // SipHashX-2-4 key sizeSecurity Considerations
- Hash Selection: Use BLAKE2b (generic hash) for new applications - it's faster and more secure than SHA-2
- Key Management: Keep KDF master keys secure - compromise exposes all derived keys
- Context Separation: Use different context strings for different key purposes in KDF
- Streaming State: Properly manage streaming hash state to avoid memory leaks
- MAC Keys: Use random keys for MAC operations, not passwords or predictable values
- Short Hash Usage: Short hashes are designed for performance, not cryptographic security
- Use for hash tables, checksums, and non-security-critical applications
- Do not use for cryptographic purposes - use BLAKE2b or HMAC instead
- Always use a secret key to prevent hash flooding attacks in data structures