$(function(){ $("#submit-login").click(function(){ var userId = $("#inputUserId").val(); var request = $.ajax({ type: "POST", url: "/check", data: { user_id: userId } }); request.done(function(salts){ console.log(salts); salts = JSON.parse(salts); var passWord = $("#inputPassword").val(); var shaObj = new jsSHA("SHA-256", "TEXT"); shaObj.setHMACKey(salts.nounce, "TEXT"); shaObj.update(passWord); var hmac = shaObj.getHMAC("HEX"); var shaObj2 = new jsSHA("SHA-256", "TEXT"); shaObj2.setHMACKey(salts.salt, "TEXT"); shaObj2.update(hmac); var hmac2 = shaObj2.getHMAC("HEX"); var array = new Uint32Array(1); window.crypto.getRandomValues(array); var key=String(array[0]) var shaObj3 = new jsSHA("SHA-256", "TEXT"); shaObj3.setHMACKey(key, "TEXT"); shaObj3.update(hmac2); var hmac3 = shaObj3.getHMAC("HEX"); console.log(hmac); console.log(hmac2); console.log(hmac3); console.log(key); $.ajax({ type: "POST", url: "/check", data: { password: hmac3, salt: array[0] } }) .done(function(res){ window.location.href = "/controller"; }); }); }); });