Question
I'm porting over a Django site to Node.js and I am trying to reimplement the Django set password method in Node. This is the Django code:
from django.utils.crypto import (
    pbkdf2, get_random_string)
import hashlib
password = 'text1'
algorithm = "pbkdf2_sha256"
iterations = 10000
salt = 'p9Tkr6uqxKtf'
digest = hashlib.sha256
# Python 2 snippet: derive the key from the raw password, then base64-encode it
hash = pbkdf2(password, salt, iterations, digest=digest)
hash = hash.encode('base64').strip()
print "%s$%d$%s$%s" % (algorithm, iterations, salt, hash)
and here's the Node.js code I have so far:
var crypto = require('crypto');
var password = 'text1';
var hashed = crypto.createHash('sha256').update(password, 'utf8').digest();
var salt = 'p9Tkr6uqxKtf';
var algorithm = "pbkdf2_sha256";
var iterations = 10000;
crypto.pbkdf2(hashed, salt, iterations, 32, function(err, encodedPassword) {
    var newPass = new Buffer(encodedPassword).toString('base64');
    console.log(encodedPassword);
    // console.log(Buffer(encodedPassword, 'binary').toString('hex'));
    var finalPass = algorithm +'$'+ iterations +'$'+ salt +'$'+ newPass;
    console.log(finalPass);
});
My solution in Node doesn't output the same results as the Python / Django code. At this point I'm pretty much in over my head and any help would be very much appreciated. Thanks in advance.
Answer 1:
Here is a better solution using pbkdf2-sha256:
var pbkdf2 = require('pbkdf2-sha256');
var password = 'text1';
var salt = 'p9Tkr6uqxKtf';
var algorithm = "pbkdf2_sha256";
var iterations = 10000;
// Buffer.from replaces the deprecated new Buffer(string) constructor
var hashed = pbkdf2(password, Buffer.from(salt), iterations, 32).toString('base64');
var finalPass = algorithm +'$'+ iterations +'$'+ salt +'$'+ hashed;
The above code should be sufficient to validate passwords stored in Django using Node.
Answer 2:
So my solution to this was to create a Python script that takes the salt and user's password and returns the hashed password. I call this script from Node and parse the results. I check if the hashed password starts with pbkdf2_sha256, then I validate it against what my Python script returned; if it validates, I use my new system's hashing function to reset the password.
Answer 3:
Use pbkdf2-sha256 instead. Had the exact same problem you were dealing with (Django -> NodeJS) and that did the trick for me! :)
Answer 4:
Following bababa's answer, my approach was to create a Python script as well using
"from django.contrib.auth import hashers"
The functions hashers.check_password() and hashers.make_password() provide the functionality needed to validate or create passwords against a Django installation.
More documentation on these functions can be found at https://docs.djangoproject.com/en/1.5/topics/auth/passwords/
Answer 5:
Thank you @paldepind for your answer that helped me! However, the pbkdf2-sha256 module is deprecated. And while it is replaced with pbkdf2, that isn't necessary either; Node provides the built-in crypto module with a pbkdf2 function which works if you give it the correct parameters. Here's the code with the OP's password. I've also verified this code with my own passwords:
const crypto = require("crypto");
// Given the following password, using algorithm pbkdf2_sha256:
// pbkdf2_sha256$10000$p9Tkr6uqxKtf$9OTqv/1X3jvhdyWRm1vwQzMYO9cOzth7hYpoFe0qboA=
var password = "text1";
var salt = "p9Tkr6uqxKtf";
var iterations = 10000;
crypto.pbkdf2(password, salt, iterations, 32, "sha256", (err, derivedKey) => {
    if (err) throw err;
    console.log(derivedKey.toString("base64"));
});
You can also use pbkdf2Sync.
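An added example, not part of any answer above: a verifier for stored Django `pbkdf2_sha256` strings built on Node's own crypto module, which parses the `algorithm$iterations$salt$hash` format and compares in constant time. The function names and the `MAX_ITERATIONS` cap are assumptions of this example.

```javascript
const crypto = require("crypto");

// Assumed upper bound so a corrupted or tampered record cannot stall the
// process with an enormous iteration count (pbkdf2Sync blocks the event loop).
const MAX_ITERATIONS = 10000000;

// Build a Django-style "pbkdf2_sha256$<iterations>$<salt>$<base64>" string.
// The raw password goes straight into PBKDF2; it is not hashed beforehand.
function encodeDjangoPassword(password, salt, iterations) {
  const key = crypto.pbkdf2Sync(password, salt, iterations, 32, "sha256");
  return ["pbkdf2_sha256", iterations, salt, key.toString("base64")].join("$");
}

// Return true only if `password` matches the stored Django-format string.
function checkDjangoPassword(password, encoded) {
  const parts = String(encoded).split("$");
  if (parts.length !== 4 || parts[0] !== "pbkdf2_sha256") return false;
  const [, iterText, salt, storedB64] = parts;
  if (!/^[1-9][0-9]*$/.test(iterText) || salt.length === 0) return false;
  const iterations = Number(iterText);
  if (iterations > MAX_ITERATIONS) return false;
  const stored = Buffer.from(storedB64, "base64");
  if (stored.length !== 32) return false; // SHA-256 output size
  const derived = crypto.pbkdf2Sync(password, salt, iterations, 32, "sha256");
  // Constant-time comparison instead of === on the base64 strings.
  return crypto.timingSafeEqual(derived, stored);
}

// Round trip with the question's parameters (password, salt, iterations).
const sample = encodeDjangoPassword("text1", "p9Tkr6uqxKtf", 10000);
console.log(sample, checkDjangoPassword("text1", sample));
```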
Source: https://stackoverflow.com/questions/15395194/python-django-hashlib-vs-nodejs-crypto