我有一个JavaScript应用程序和一个Python应用程序,使用pbdkf2从密码派生的密钥进行通信。 问题是,生成的密钥不匹配。 我为每个人制作了一个最小的测试用例。
蟒蛇
import hashlib, binascii bytes = hashlib.pbkdf2_hmac('sha256', "password".encode(), b'', 100000) print(binascii.hexlify(bytes).decode())生成: 64a868d4b23af696d3734d0b814d04cdd1ac280128e97653a05f32b49c13a29a
JavaScript的
<script src="lib/sjcl.js"></script> <script> var hmacSHA256 = function (key) { var hasher = new sjcl.misc.hmac(key, sjcl.hash.sha256); this.encrypt = function () { return hasher.encrypt.apply(hasher, arguments); }; }; hash = sjcl.misc.pbkdf2("password", [0], 100000, 256, hmacSHA256); console.log(sjcl.codec.hex.fromBits(hash)); </script>生成: 41c04f824d843d5be0ae66b3f621d3f05db7d47e7c46ee0e9171b5cbff7f3631
我现在抓了很多头。 我认为b''和[0]是等价的盐,但我不确定。 我认为他们都使用utf-8来编码密码,但我不确定。 而且我不相信JavaScript hmacSHA256函数与Python正在做的完全匹配。 或者它可能还有其他东西。
I have a JavaScript app and a Python app that communicate using a key derived from a password using pbdkf2. The problem is, the generated keys don't match. I've produced a minimal test case for each.
Python
import hashlib, binascii bytes = hashlib.pbkdf2_hmac('sha256', "password".encode(), b'', 100000) print(binascii.hexlify(bytes).decode())Generates: 64a868d4b23af696d3734d0b814d04cdd1ac280128e97653a05f32b49c13a29a
JavaScript
<script src="lib/sjcl.js"></script> <script> var hmacSHA256 = function (key) { var hasher = new sjcl.misc.hmac(key, sjcl.hash.sha256); this.encrypt = function () { return hasher.encrypt.apply(hasher, arguments); }; }; hash = sjcl.misc.pbkdf2("password", [0], 100000, 256, hmacSHA256); console.log(sjcl.codec.hex.fromBits(hash)); </script>Generates: 41c04f824d843d5be0ae66b3f621d3f05db7d47e7c46ee0e9171b5cbff7f3631
I'm scratching my head a lot now. I think b'' and [0] are equivalent salts, but I'm not sure. I think they both use utf-8 to encode the password, but I'm not sure. And I'm not convinced the JavaScript hmacSHA256 function exactly matches what Python is doing. Or it could be something else still.
最满意答案
在我的头顶,你检查一下
hash = sjcl.misc.pbkdf2("password", "", 100000, 256);给出正确的结果?
据我所知,如果你没有明确地给它一个PRF,SJCL的PBKDF2实现默认为HMAC-SHA256。 如果进行更改可以修复bug,那么你的hmacSHA256包装器可能有问题。
此外,我不确定指定空盐是否[0]确实有效(或保证在未来的版本中工作,因为SJCL的bitArrays的格式显然可能会发生变化 ),但""肯定应该有效。
Off the top of my head, have you checked if
hash = sjcl.misc.pbkdf2("password", "", 100000, 256);gives the correct result?
As far as I can tell from the docs, SJCL's PBKDF2 implementation defaults to HMAC-SHA256 if you don't explicitly give it a PRF. If making that change fixes the bug, then there's probably something wrong with your hmacSHA256 wrapper.
Also, I'm not sure if specifying an empty salt as [0] really works (or is guaranteed to work in future versions, given that the format of SJCL's bitArrays is explicitly subject to change), but "" definitely should work.
更多推荐
发布评论