1

I am using pbkdf2 in Nodejs and in PHP to get the KEY AND IV values whereas it is giving me the correct result if I try to use salt value as a string whereas if I have to use salt as a byte array then how it can be done in PHP side: new Buffer.from([1, 2, 3, 4, 5, 6, 7, 8], "utf-8")

Nodejs:

const crypto = require('crypto');

const encryptKey = '012345678901234599887767';
var password = Buffer.from(encryptKey, "utf-8");
var hashPassword = crypto.createHash('sha256').update(password).digest();

const salt = new Buffer.from([1, 2, 3, 4, 5, 6, 7, 8], "utf-8");

crypto.pbkdf2(hashPassword, salt, 1000, 48, 'SHA1', (err, key) => {
var key1 = key.slice(0, 32);
var iv1  = key.slice(32, 48);
console.log(key1.toString('base64')); //+Zh7sEM+QMPGIQeNz3tiIyrZSK1ibvRlLUTnBlJYkIE=
console.log(iv1.toString('base64'));  //VgxNzyZJGvrd77wLuz3G8g==
});

PHP:

$salt = " "; 
//how to use salt as bytes as same as we are doing in Nodejs crypto as hash_pbkdf2 only allowed salt value as a string 
//and if I convert salt byte value as a string then it is giving me different KEY AND IV

$pass = "012345678901234599887767";

$hashPass = hash("sha256",mb_convert_encoding($pass,"UTF-8"),true); 

$hash = hash_pbkdf2("SHA1", $hashPass, $salt , 1000, 48,true);

echo base64_encode(substr($hash , 0, 32));
echo '<br/>'.base64_encode(substr($hash , 32, 48));
Piyush Sharma
  • 591
  • 7
  • 9

1 Answers1

0

The salt is:

"\x01\x02\x03\x04\x05\x06\x07\x08"

so literally that.

Or if you want it to look overcomplicated like the JS code:

$salt = implode('', array_map('chr', [ 1, 2, 3, 4, 5, 6, 7, 8 ]));

Also:

  1. Salts should be unique per-hash.
  2. Salts are not considered secret value.
  3. Most password hashing libs just pack the salt into the first X bytes of the output.
Sammitch
  • 30,782
  • 7
  • 50
  • 77