Hey dev.to community!
BxJS Weekly Episode 65 is now out! π
Listen to the best javascript news of the week in a podcast form right here.
Here's all the mentioned links (also found on github):
Getting started:
- React component lifecycle with Hook§
- Handling Errors in Vue.js
- Vue.js And SEO: How To Optimize Reactive Websites For Search Engines And Bots
- Unit Testing in Angular
- How to migrate from HOCs to Hooks
- Typescript interface vs. type
- Testing with Svelte and Ava
- React for Vue developers
- Functional javascript: five ways to calculate an average with array reduce
- You don't need passport.js - Guide to node.js authentication
- 5 Programming Patterns I Like
- 12 tips for writing clean and scalable JavaScript
- Creating Your Own React Validation Library
- Four patterns for global state with React hooks: Context or Redux
Articles & News:
- Transducers - a Generalized Concept for Data Transformations
- Compiling C to WebAssembly without Emscripten
- Enabling Modern JavaScript on npm
- Building a Multi Streaming Alexa Skill with the Alexa Skills Kit
- Better apps with react server-side rendering
- Front-End Documentation, Style Guides and the Rise of MDX
Tips, tricks & bit-sized awesomeness:
- Pointcloud effect in Three.js
- Why I'm still using jQuery in 2019
- Run WebAssembly Outside The Sandbox at 95% Native Speed
- CKEditor 4 - Integrate WYSIWYG editor with React
- JavaScript and evidence-based language design
- What's New In DevTools (Chrome 76)
- Urql, Grown Up
- Upcoming VSCode Feature: Inspect element
- Node.js is 10 years old!
Releases:
- Angular 8
- TypeScript 3.5
- GraphiQL Explorer 2.0
- Verdaccio 4
- PapaParse v5.0
- Node v10.16.0
- Ember 3.10
- Nuxt v2.8.0
- Preact 10.0.0 beta 2
Libs & demos:
- MDsveX
- react-vertex
- Left
- xstyled
- codespeak
- rayo.js
- zdog
- tosin
- Royalbox
- FunctionScript
- fabulous
- luda
- scenejs
- fullstackopen
- medium-to-own-blog
- trash
- node-bluetooth-serial-port
- tedious
- normalizr
- MQTT.js
- react-physics-dragger
- reaptcha
- react-div-100vh
Interesting & silly stuff:
Any feedback is appreciated π
Additional stuff:
Social media links:
If you enjoy my content, please consider supporting me π
Top comments (3)
Just saying -- storing the salt alongside the hash is very common. It's used just about everywhere (/etc/shadow, bcrypt in generalβ¦).
The alternative is: how are you to be able to log in? If the salt isn't stored, then the hash becomes useless. If it is stored, but is constant across the database; then what point does the salt have? It would be a problem were it sha1 or similar, but it isn't.
Other than that⦠argon2 is quite strong so far at least.
But if your DB is leaked - wouldn't that make decrypting password easier? π€
Having one common salt that's not in DB would mean that attacked upon acquiring that DB would have to first figure out what that salt was.
Or am I just misunderstanding something here? π€
Edit: Just did some googling, and apparently I totally confused salt with encryption keys used in a different set of algos all this time. I am a bit of an idiot π€¦ββοΈ
Yeah. Main difference is between initialization vector/key (you keep the initialization vector and remember the key) and a randomness adder (salt). A salt and an IV are similar, in that they introduce uniqueness into place there might not be otherwise.