3

I'm trying to get the same result from using cryptojs sha3 method and the php-sha3 library, but the results just dont' seem to match.

An example:

For CryptoJS

var hash = CryptoJS.SHA3("qwerty", { outputLength: 224 }).toString();

gives me d7a12ecec4442f1b31eea5f7d5470f0ca6169463e09d91a147c3b8e8

while with PHP-SHA3

echo sha3("qwerty",224);

gives me 13783bdfa4a63b202d9aa1992eccdd68a9fa5e44539273d8c2b797cd

I am a complete encryption noob, so I'm guessing I'm missing something fundamental about this.

Artjom B.
  • 61,146
  • 24
  • 125
  • 222
Ting Sun
  • 306
  • 2
  • 10

2 Answers2

5

CryptoJS 'sha3' is not actually using the current SHA-3 standard unfortunately - hence your discrepancy. The code is implementing a version of SHA-3 which was superseded.

In 2014, NIST made slight changes to the Keccak submission and published FIPS 202, which became the official SHA-3 standard in August 2015.

Quoted from this source:

https://medium.com/@ConsenSys/are-you-really-using-sha-3-or-old-code-c5df31ad2b0

Which goes on to say:

Unfortunately, the readme in Github makes no mention, and the user must look at the old site to find the “NOTE: I made a mistake when I named this implementation SHA-3. It should be named Keccak.” So any dependents of CryptoJS that uses sha3 is using old code that would be better described by a term like Keccak. Also, beware of online sha3 calculators, because some of them have not been updated to SHA-3.

Claud
  • 937
  • 1
  • 12
  • 27
1

Artjom is right. You can try this JS library, https://github.com/emn178/js-sha3. I am able to use it to generate SHA3 and Keccak hashes.

The you can verify the hash at http://emn178.github.io/online-tools/sha3_224.html.

user3390906
  • 147
  • 1
  • 3
  • 12