tst2005googlecode / crypto-js

Automatically exported from code.google.com/p/crypto-js

CryptoJS's PBKDF2 output differs from Node.js' require("crypto").pbkdf2 #42

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
Details of the problem can be found in this stackoverflow.com question: 
http://stackoverflow.com/questions/11268307/should-all-implementations-of-pbkdf2-generate-the-the-same-key-from-identical-in

What is the expected output? What do you see instead?
CryptoJS's pbkdf2 output should match that of Node.js crypto.pbkdf2.

What version of the product are you using? On what operating system?
CryptoJS v3.0.2 on Windows 7 x64

Original issue reported on code.google.com by da...@vervestudios.co on 29 Jun 2012 at 8:59

GoogleCodeExporter commented 9 years ago
You'll have to fill me in on some details of NodeJS to diagnose the issue.

How does NodeJS convert strings to bits? Latin1? UTF-8?

Does NodeJS have you specify the key length in bits, bytes, or words?

What does your generateSalt function return?

Original comment by Jeff.Mott.OR on 29 Jun 2012 at 9:18

GoogleCodeExporter commented 9 years ago
Looks like I figured it out.

In the rolled up PBKDF2.js script in "CryptoJS v3.0.2.zip" 
`CryptoJS.enc.Base64` is `undefined`; this was probably intended, but not 
something I noticed.

I was comparing node's Base64 encoded output to CryptoJS's hex output.

Another caveat was that the keySizes aren't compatible between CryptoJS and 
node.js. Node needs `keySize * 4` in order to output an identical key. I'm not 
familiar with what's going on under the hood in either case; but I'll just 
assume that's intended.

Node.js's PBKDF2's documentation is pretty scarce; it does, however, say its 
"key" parameter is named `keylen`.

FYI: Node.js's crypto library is just a wrapper around some OpenSSL functions.

Original comment by da...@vervestudios.co on 29 Jun 2012 at 9:36

GoogleCodeExporter commented 9 years ago
CryptoJS measures key sizes in 32-bit words, and NodeJS measures key sizes in 
8-bit bytes. That's why you needed to multiply by 4.

Original comment by Jeff.Mott.OR on 30 Jun 2012 at 12:31
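
The unit and encoding mismatch discussed in this thread, as an added example that is not part of the original comments or of the CryptoJS code: a PBKDF2 derivation sized in 32-bit words (the CryptoJS convention described above), checked against Node's `crypto.pbkdf2Sync`, which takes bytes. `pbkdf2Words`, `compare` and the inputs are hypothetical, and HMAC-SHA1 on both sides is an assumption (current Node versions require the digest to be named).

```javascript
// Added example (not CryptoJS or Node source): PBKDF2-HMAC-SHA1 per RFC 2898.
const crypto = require("crypto");

const BYTES_PER_WORD = 4; // keySize counts 32-bit words, keylen counts bytes

// Hypothetical helper: derive a key whose length is given in 32-bit words.
function pbkdf2Words(password, salt, iterations, keySizeWords) {
  const pw = Buffer.from(password, "utf8");
  const s = Buffer.from(salt, "utf8");
  const wanted = keySizeWords * BYTES_PER_WORD;
  const blocks = [];
  for (let i = 1, got = 0; got < wanted; i++) {
    const idx = Buffer.alloc(4);
    idx.writeUInt32BE(i, 0); // block index INT(i), big-endian
    let u = crypto.createHmac("sha1", pw).update(Buffer.concat([s, idx])).digest();
    const t = Buffer.from(u); // running XOR of U_1 .. U_c
    for (let c = 1; c < iterations; c++) {
      u = crypto.createHmac("sha1", pw).update(u).digest();
      for (let k = 0; k < t.length; k++) t[k] ^= u[k];
    }
    blocks.push(t);
    got += t.length;
  }
  return Buffer.concat(blocks).subarray(0, wanted);
}

// Compare the word-sized derivation with Node, with and without the unit fix.
function compare(password, salt, iterations, keySizeWords) {
  const mine = pbkdf2Words(password, salt, iterations, keySizeWords);
  const nodeBytes = crypto.pbkdf2Sync(
    password, salt, iterations, keySizeWords * BYTES_PER_WORD, "sha1");
  const nodeRaw = crypto.pbkdf2Sync(
    password, salt, iterations, keySizeWords, "sha1"); // same number, wrong unit
  return {
    hex: mine.toString("hex"),
    matchesWithUnitFix: mine.equals(nodeBytes),
    matchesWithoutUnitFix: mine.equals(nodeRaw),
    // The short key is only a truncation of the long one, not a different key.
    rawIsPrefix: mine.subarray(0, keySizeWords).equals(nodeRaw),
    // Comparing hex text to Base64 text fails even when the bytes are equal.
    hexEqualsBase64Text: mine.toString("hex") === nodeBytes.toString("base64"),
  };
}

// Constructed inputs: 8 words = 32 bytes, which spans two SHA-1 blocks.
console.log(compare("password", "salt", 2, 8));
```
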

GoogleCodeExporter commented 9 years ago

Original comment by Jeff.Mott.OR on 30 Jun 2012 at 10:45