Hey dev.to community!
BxJS Weekly Episode 65 is now out! ๐
Listen to the best javascript news of the week in a podcast form right here.
Here's all the mentioned links (also found on github):
Getting started:
- React component lifecycle with Hookยง
- Handling Errors in Vue.js
- Vue.js And SEO: How To Optimize Reactive Websites For Search Engines And Bots
- Unit Testing in Angular
- How to migrate from HOCs to Hooks
- Typescript interface vs. type
- Testing with Svelte and Ava
- React for Vue developers
- Functional javascript: five ways to calculate an average with array reduce
- You don't need passport.js - Guide to node.js authentication
- 5 Programming Patterns I Like
- 12 tips for writing clean and scalable JavaScript
- Creating Your Own React Validation Library
- Four patterns for global state with React hooks: Context or Redux
Articles & News:
- Transducers - a Generalized Concept for Data Transformations
- Compiling C to WebAssembly without Emscripten
- Enabling Modern JavaScript on npm
- Building a Multi Streaming Alexa Skill with the Alexa Skills Kit
- Better apps with react server-side rendering
- Front-End Documentation, Style Guides and the Rise of MDX
Tips, tricks & bit-sized awesomeness:
- Pointcloud effect in Three.js
- Why I'm still using jQuery in 2019
- Run WebAssembly Outside The Sandbox at 95% Native Speed
- CKEditor 4 - Integrate WYSIWYG editor with React
- JavaScript and evidence-based language design
- What's New In DevTools (Chrome 76)
- Urql, Grown Up
- Upcoming VSCode Feature: Inspect element
- Node.js is 10 years old!
Releases:
- Angular 8
- TypeScript 3.5
- GraphiQL Explorer 2.0
- Verdaccio 4
- PapaParse v5.0
- Node v10.16.0
- Ember 3.10
- Nuxt v2.8.0
- Preact 10.0.0 beta 2
Libs & demos:
- MDsveX
- react-vertex
- Left
- xstyled
- codespeak
- rayo.js
- zdog
- tosin
- Royalbox
- FunctionScript
- fabulous
- luda
- scenejs
- fullstackopen
- medium-to-own-blog
- trash
- node-bluetooth-serial-port
- tedious
- normalizr
- MQTT.js
- react-physics-dragger
- reaptcha
- react-div-100vh
Interesting & silly stuff:
Any feedback is appreciated ๐
Additional stuff:
Social media links:
If you enjoy my content, please consider supporting me ๐
Top comments (3)
Just saying -- storing the salt alongside the hash is very common. It's used just about everywhere (/etc/shadow, bcrypt in generalโฆ).
The alternative is: how are you to be able to log in? If the salt isn't stored, then the hash becomes useless. If it is stored, but is constant across the database; then what point does the salt have? It would be a problem were it sha1 or similar, but it isn't.
Other than thatโฆ argon2 is quite strong so far at least.
But if your DB is leaked - wouldn't that make decrypting password easier? ๐ค
Having one common salt that's not in DB would mean that attacked upon acquiring that DB would have to first figure out what that salt was.
Or am I just misunderstanding something here? ๐ค
Edit: Just did some googling, and apparently I totally confused salt with encryption keys used in a different set of algos all this time. I am a bit of an idiot ๐คฆโโ๏ธ
Yeah. Main difference is between initialization vector/key (you keep the initialization vector and remember the key) and a randomness adder (salt). A salt and an IV are similar, in that they introduce uniqueness into place there might not be otherwise.