Inconsistent PBKDF2 hashes in Python (django) and Javascript (crypto.js)

https://stackoverflow.com/questions/23417159

python
encryption
django
JavaScript
cryptography

13-07-2023
|

Question

Django code:

hasher = PBKDF2PasswordHasher()
print hasher.encode(u'qwerty', u'qwerty', iterations=1).split('$')[3]
# T9t/EJXFpPs2Lhca7IVGphTC/OdEloPMHw1UhDnXcyQ=
# hex: 4fdb7f1095c5a4fb362e171aec8546a614c2fce7449683cc1f0d548439d77324

Javascript code:

var key = CryptoJS.PBKDF2('qwerty', 'qwerty', { iterations: 1, keySize: 256/32 });
console.log(key.toString(CryptoJS.enc.Base64));
// vfBGfG30ahsx6QWs9vrdTGV+wmlg1d5f2+5bFnP5SAU=
// hex: bdf0467c6df46a1b31e905acf6fadd4c657ec26960d5de5fdbee5b1673f94805

Solution

I was not specifying the right hasher in JS. The default is a SHA1 hasher for CryptoJS and a SHA526 hasher for Django.

CryptoJS.PBKDF2('qwerty', 'qwerty', { iterations: 1, keySize: 256/32, hasher: CryptoJS.algo.SHA256 });

fixes the problem

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow