tommywu6 / crypto-js

Automatically exported from code.google.com/p/crypto-js
0 stars 0 forks source link

Wrong SHA256 value returned #75

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

I have the following JavaScript code:

var hash = CryptoJS.SHA256('\xee').toString();

the expected value of the hash is 

"94455e3ed9f716bea425ef99b51fae47128769a1a0cd04244221e4e14631ab83" 

(I checked it using Python and few online hash calculators.)

Instead I see 

"cf1f17b9f234c4de3653dd94562d3bc86f580ce57db0881c396c1aba7fe17e14"

I am using CryptoJS v3.1.2 on Firefox 15.0 under Linux.

When the hashed string does not contain "\x" escapes the hashing works fine.

Thanks,
Sergiy Galaburda

Original issue reported on code.google.com by sergiy.g...@gmail.com on 11 Feb 2013 at 12:57

GoogleCodeExporter commented 9 years ago
The output you would get from any language or application depends on how it 
converts a character into bytes. Python and the online hash calculators are 
probably treating your input as Latin1. But JavaScript strings are Unicode, and 
every character could be one of more than a million possible characters. To 
accommodate all those possible characters, CryptoJS by default will convert 
strings to UTF-8 bytes. But if you want to get Latin1 bytes instead, you can do 
that too.

var hash = CryptoJS.SHA256( CryptoJS.enc.Latin1.parse('\xee') ).toString();

Original comment by Jeff.Mott.OR on 11 Feb 2013 at 6:03

GoogleCodeExporter commented 9 years ago

Original comment by Jeff.Mott.OR on 12 Feb 2013 at 8:21

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
I don't get the explanation.

var s = '\xee';
s.length;               /*  => 1      */
'0x' + s.charCodeAt(0); /*  => "0xee" */

.. looks good, behaves like binary data.

So if CryptoJS.SHA256 is somehow converting it to UTF-8 before the hashing (and 
then back to bytes?), it is doing nonsense, in my humble opinion.

Original comment by michal.b...@gmail.com on 19 Sep 2014 at 2:54