NodeJS "crypto" hash seems to produce different output than Crypto-JS javascript library
I am using NodeJS's bundled crypto module for SHA256 hashing on the server-side.
On the client-side, I am using a javascript library called Crypto-JS.
I am using SHA256 hashes for a login system that uses classical nonce-based authentication. However, my server-side and client-side hash-digests don't match up even when the hash-messages are the same (I have checked this). Even the lengths of the hash-digests are different.
This is a snippet of my client-side implementation:
var password_hash = CryptoJS.SHA256( token.nonce /*this is the server's nonce*/ + cnonce + password ).toString(CryptoJS.enc.Base64);
This is a snippet of my server-side implementation:
var sha256 = CRYPTO.createHash("sha256");
sha256.update(snonce+cnonce+password, "utf-8");
var hash = sha256.digest("base64");
This is some sample data:
client-digest: d30ab96e65d09543d7b97d7cad6b6cf65f852f5dd62c256595a7540c3597eec4
server-digest: vZaCi0mCDufqFUwVO40CtKIW7GS4h+XUhTUWxVhu0HQ=
client-message: O1xxQAi2Y7RVHCgXoX8+AmWlftjSfsrA/yFxMaGCi38ZPWbUZBhkVDc5eadCHszzbcOdgdEZ6be+AZBsWst+Zw==b3f23812448e7e8876e35a291d633861713321fe15b18c71f0d54abb899005c9princeofnigeria
server-message: O1xxQAi2Y7RVHCgXoX8+AmWlftjSfsrA/yFxMaGCi38ZPWbUZBhkVDc5eadCHszzbcOdgdEZ6be+AZBsWst+Zw==b3f23812448e7e8876e35a291d633861713321fe15b18c71f0d54abb899005c9princeofnigeria
Does anyone know why the hashes are different? I thought that if it is the same protocol/algorithm, it will always produce the same hash.
Edit: Wow. I went to this online hashing tool and it produces yet another digest for the same message:
4509a6d5028b217585adf41e7d49f0e7c1629c59c29ce98ef7fbb96c6f27502c
Edit Edit: On second thought, the reason for the online hashing tool being different is probably because it uses a hex encoding and I used base64.
The problem was indeed with encodings.
Look at the client-side implementation:
var password_hash = CryptoJS.SHA256(message).toString(CryptoJS.enc.Base64);
The CryptoJS.enc.Base64 parameter actually requires another component in the CryptoJS library that I did not include (stored in a js file: enc-base64-min.js). So, in the absence of a valid encoding type, it defaulted to hex.
Thanks @dhj for pointing out the encoding issue!
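The encoding mismatch described in the answer above, reproduced in Node.js as an added example (not code from the original post). The names `loadedEncoders`, `clientDigest`, `serverDigest`, `digestToBytes` and `digestsMatch`, and the sample nonces and password, are constructed for illustration; the client function only models the silent fallback to hex, and the check decodes both digest strings to raw bytes before comparing them.

```javascript
const crypto = require('crypto');

// Constructed sample inputs (not the values from the post).
const snonce = 'c2VydmVyLW5vbmNl';
const cnonce = '00112233445566778899aabbccddeeff';
const password = 'example-password';

// Encoders the "client" has loaded. base64 is deliberately absent, modelling
// the optional encoder component that was never included on the page.
const loadedEncoders = { hex: (bytes) => bytes.toString('hex') };

// Hypothetical client: a missing encoder is not an error, the output
// silently falls back to hex (the behaviour the answer describes).
function clientDigest(message, encoderName) {
  const bytes = crypto.createHash('sha256').update(message, 'utf8').digest();
  const encode = loadedEncoders[encoderName] || loadedEncoders.hex;
  return encode(bytes);
}

// Server side, same calls as the question's snippet.
function serverDigest(message) {
  return crypto.createHash('sha256').update(message, 'utf8').digest('base64');
}

// Decode a SHA-256 digest string to its 32 raw bytes, whichever encoding it uses.
function digestToBytes(text) {
  if (/^[0-9a-f]{64}$/i.test(text)) return Buffer.from(text, 'hex');
  if (/^[A-Za-z0-9+/]{43}=$/.test(text)) return Buffer.from(text, 'base64');
  throw new Error('not a SHA-256 digest in hex or base64');
}

// Compare digests as bytes, in constant time, instead of comparing strings.
function digestsMatch(a, b) {
  try {
    return crypto.timingSafeEqual(digestToBytes(a), digestToBytes(b));
  } catch (err) {
    return false; // malformed digest string
  }
}

const message = snonce + cnonce + password;
const fromClient = clientDigest(message, 'base64'); // asked for base64, got hex
const fromServer = serverDigest(message);
console.log(fromClient.length, fromServer.length);      // 64 44
console.log(fromClient === fromServer);                 // false
console.log(digestsMatch(fromClient, fromServer));      // true
```

A 32-byte SHA-256 digest is always 64 characters in hex and 44 in base64, so a length difference like the one in the question points at the output encoding before anything else.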