Open kspearrin opened 7 years ago
Looks like encoding the values with utf8 bytes prior to passing them to forge.pbkdf2 solves the issue:
forge.pbkdf2(forge.util.encodeUtf8(password.value), forge.util.encodeUtf8(salt.value), 5000, 256 / 8, "sha256")
https://jsfiddle.net/tgb1z1rn/3/
Perhaps this should be the default?
I just ran into this issue as well. I first was doing unescape( encodeURIComponent( password ) ), but encodeUtf8() is at least marginally cleaner.
… and, yes, I agree that this is desirable as default behavior. At least have it try again if the decode fails and there are code points above 255 in the string.
SJCL creates the expected result (compared with other crypto libs as well). Forge makes something else.
Forge version 0.7.0
Example: https://jsfiddle.net/tgb1z1rn/2/
Correct
password: 123
salt: abc
forge result: H8gykxsD40tS7/hbR95gqIKCy5SIUbgdaKq4S1hXNhI=
sjcl result: H8gykxsD40tS7/hbR95gqIKCy5SIUbgdaKq4S1hXNhI=

Incorrect
password: 123ù
salt: abc
forge result: oUSVM/dLB8+NAd9Kq273ZyILVPp3BqWYEx4vUhWHkkc=
sjcl result: UNSf8ufpIMgbVW/rn11BBbYkrm3kEHhb/W6gCcI/ozc=

Incorrect
password: 123
salt: abcù
forge result: 8En13SHfP3HELhM3IGqbpML7al0dCury4etfU1vzZx0=
sjcl result: XmLVG3R7rrsVOzYUjAguAooUqPHFE7M54DYSLb9+fts=
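
The mismatch reported in this thread, reproduced as an added example (not code from the thread, forge or SJCL). Node's built-in `crypto.pbkdf2Sync` stands in for both libraries, and the example assumes the divergence comes from reading each character as one byte instead of as UTF-8, which is what the `encodeUtf8` fix implies. The names `derive`, `fitsInBytes` and `compare` are hypothetical.

```javascript
// Added example: Node's built-in crypto stands in for forge and SJCL.
const crypto = require('crypto');

// Parameters taken from the forge.pbkdf2 call quoted in the thread.
const ITERATIONS = 5000;
const KEY_LEN = 256 / 8;
const DIGEST = 'sha256';

// Derive a key from explicit bytes so the encoding choice is visible.
function derive(password, salt, encoding) {
  return crypto.pbkdf2Sync(
    Buffer.from(password, encoding),
    Buffer.from(salt, encoding),
    ITERATIONS, KEY_LEN, DIGEST
  ).toString('base64');
}

// True when every UTF-16 code unit is <= 255. Such a string can be read as
// raw bytes without any error, so the wrong key is derived silently.
function fitsInBytes(s) {
  for (let i = 0; i < s.length; i++) {
    if (s.charCodeAt(i) > 0xff) return false;
  }
  return true;
}

// Constructed inputs mirroring the three cases in the issue.
const cases = [
  { password: '123', salt: 'abc' },
  { password: '123\u00f9', salt: 'abc' }, // 'ù' is 0xF9 raw, 0xC3 0xB9 in UTF-8
  { password: '123', salt: 'abc\u00f9' },
];

// Derive under both interpretations and report whether they agree.
function compare({ password, salt }) {
  const oneBytePerChar = derive(password, salt, 'latin1'); // assumed raw-byte reading
  const utf8 = derive(password, salt, 'utf8');             // explicit UTF-8 bytes
  return {
    password, salt, oneBytePerChar, utf8,
    match: oneBytePerChar === utf8,
    silent: fitsInBytes(password + salt), // no code unit above 255 to flag it
  };
}

for (const c of cases) console.log(compare(c));
```

Both non-ASCII cases report `silent: true` because `ù` is below 256, so a check for code points above 255 would not flag them; encoding the password and salt to UTF-8 bytes before every derivation is the only input handling that keeps keys consistent across libraries.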