Open merrittholmes opened 11 years ago
Yep - I ran into this as well I think. Updated versions of the components (node, express, etc.) cause a problem with the crypto library if I recall. Not sure I recall how I fixed it. If I remember I'll update you. Check the comments on the crypto libraries.
Yep it is a bug in node 10.
It can be worked around by altering the hash function in the pwd library. I believe the actual bug has been fixed, just not merged yet.
On 25 Jun 2013, at 01:41, dstroot notifications@github.com wrote:
Yep - I ran into this as well I think. Updated versions of the components (node, express, etc.) cause a problem with the crypto library if I recall. Not sure I recall how I fixed it. If I remember I'll update you. Check the comments on the crypto libraries.
I just ran into a similar issue (OS X), where CouchDB (user.hash) was returning an array like: "[150, 50, 10, ... ]" and the crypto library (pass.hash) was returning a SlowBuffer like: "<SlowBuffer 96 a3 7c 2b ad 62I". The "==" comparison was always returning false. I managed to resolve it by changing the Passport LocalStrategy to do a deeper check on each octet.
I'm no expert... but if you guys think this is more stable, I'll do a pull request. Any ideas on a better way to do this?
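(Edit: In index.js), here is the function I added to check if the user's submitted hashed password equals the hash stored in the DB.
// Compare two hashes octet by octet; works for arrays and Buffers alike.
function isHashEqual(hash1, hash2)
{
    var len = hash1.length;
    // Different lengths can never match.
    if (hash2.length !== len) {
        return false;
    }
    // Stop at len - 1; index len is past the end of both inputs.
    for (var i = 0; i < len; i++) {
        if (hash1[i] !== hash2[i])
            return false;
    }
    return true;
}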
Alex - I'd be happy to support a pull request. I think I used a different approach in a recent project - check out the auth example in the ExpressJS repository: https://github.com/visionmedia/express/tree/master/examples
That might give a good hint where to go with this - but in any case I'd be happy to get this fixed so it's a good working example.
Cheers.
Hi, your example is great and it works perfectly when run from a Windows server; however, I ported over to Ubuntu and now when I register my password hash goes from:
Þ!ÿ-Í'¿JÊs5,ÅÕ®ÀR°cÊó^jÿBÑóäMùÂ;ãk'q +v rרóµ=¬YfúÅÖ0}+·¬±$º/4×é¤j¡Gþ7ÿ`þBÿÀí> 94ÈYâ ÜLÝ" ÙpõÖ¨éY-ìÏó{
to
[47, 88, 49, 74, 176, 198, 114, 151, 96, 206, 239, 158, 35, 212, 198, 97, 231, 255, 161, 209, 68, 38, 9, 133, 19, 45, 98, 206, 124, 94, 114, 43, 122, 234, 164, 83, 83, 97, 147, 16, 250, 231, 6, 69, 80, 41, 89, 133, 107, 247, 211, 141, 32, 154, 197, 56, 89, 113, 58, 3, 190, 230, 183, 22, 74, 189, 246, 225, 252]
when using Ubuntu instead of Windows, and when I log in it always says my password is wrong.
Any ideas what's going on here?
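Added example, not part of the thread or the project's code: it reproduces the mismatch described above (a freshly derived hash is a Buffer, while the stored hash comes back from a JSON document store as an array of octets) and compares the two after normalizing both to Buffers, using Node's `crypto.timingSafeEqual`. The function names, the PBKDF2 parameters and the sample salt and passwords are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Assumed parameters for this example only; use the values your app already stores.
const ITERATIONS = 12000, KEY_LEN = 64, DIGEST = 'sha256';

function deriveHash(password, salt) {
  return crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LEN, DIGEST);
}

// Accept the shapes a hash can take after a round trip through a JSON store:
// a Buffer, a plain array of octets, {type:'Buffer', data:[...]}, or a hex string.
function toBuffer(value) {
  if (Buffer.isBuffer(value)) return value;
  if (value && value.type === 'Buffer' && Array.isArray(value.data)) value = value.data;
  if (Array.isArray(value)) {
    const ok = value.every((n) => Number.isInteger(n) && n >= 0 && n <= 255);
    if (!ok) throw new TypeError('hash array must contain octets 0-255');
    return Buffer.from(value);
  }
  if (typeof value === 'string' && value.length % 2 === 0 && /^[0-9a-f]*$/i.test(value)) {
    return Buffer.from(value, 'hex');
  }
  throw new TypeError('unsupported stored hash representation');
}

// Byte-wise comparison that does not stop at the first differing octet.
function isHashEqual(stored, computed) {
  const a = toBuffer(stored);
  const b = toBuffer(computed);
  if (a.length !== b.length) return false; // timingSafeEqual throws on unequal lengths
  return crypto.timingSafeEqual(a, b);
}

// Constructed sample data: simulate storing the hash as JSON and reading it back.
function demo() {
  const salt = 'constructed-salt';
  const computed = deriveHash('correct horse', salt);
  const fromDb = JSON.parse(JSON.stringify(Array.from(computed)));
  return {
    looseEquals: computed == fromDb,               // object identity, never true
    octetEquals: isHashEqual(fromDb, computed),    // same bytes, different container
    wrongPassword: isHashEqual(fromDb, deriveHash('wrong', salt)),
  };
}
```

Storing the hash as a hex or base64 string keeps its representation the same across platforms and database drivers.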