2

I'm trying to use the native crypto module in my NodeJS application, but I keep getting the deprecation message:

(node:26) DeprecationWarning: crypto.pbkdf2 without specifying a digest is deprecated. Please specify a digest

I know this is due to a change set that expects a digest moving forward: https://github.com/nodejs/node/pull/4047

However, from what I can see, my code is following the syntax exactly as outlined in the docs. Anyone else see what I'm doing wrong here?

function verify (password, expected, callback) {
  const combined = Buffer.from(expected, 'base64')
  const saltBytes = combined.readUInt32BE(0)
  const hashBytes = combined.length - saltBytes - 8
  const iterations = combined.readUInt32BE(4)
  const salt = combined.slice(8, saltBytes + 8)
  const hash = combined.toString('binary', saltBytes + 8)
  return crypto.pbkdf2(password, salt, iterations, hashBytes, 'sha512', (err, verify) => {
    if (err) return callback(err, false)
    return callback(null, verify.toString('binary') === hash)
  })
}

Note: If it makes any difference, this is executing inside the slim version of the node:6

gevorg
  • 4,835
  • 4
  • 35
  • 52
gordysc
  • 234
  • 1
  • 4
  • 22
  • Interesting...if I run this outside of the docker container I'm not getting the message... will dig more into this... – gordysc May 07 '16 at 05:57

1 Answers1

0

After much digging I finally figured it out. It has nothing to do with the code segment above. I'm using the iron module which is currently at version 4.0.0. The current published version doesn't pass an argument for the digest, which is causing the warning message to be produced.

They've already committed code to correct this, but it hasn't been published yet. This should resolve itself soon.

gordysc
  • 234
  • 1
  • 4
  • 22