Ok I found out that there really was an error encoding the password the 
first time. Maybe because I didn't convert the salt to base64.

However I now moved on to the next error.
When rehashing the user login password and encoding it with the same 
parameters, I do a === and this always returns false.

To test if this is not an issue of the logic I persisted the rehashed 
password to the database and compared manually. Result: they are equal.

Question is just why JavaScript doesn't see this. I think it has an issue with 
such "strings". I started an issue on GitHub because of the toString() 
method on pbkdf2

On Friday, 20 July 2012 09:31:16 UTC+2, kyogron wrote:
>
> Hi,
>
> yes I do, because I call .save() on the user object.
>
> Here is the mongoDB document:
>
> {
>     "password": 
> "\u000fðMÜ\u0001|°¦`\u001fâÊÌx\u0091GP\u008dpÇöt\u001eê\u0000!503¢\u0087\u008f\u0085\u0018\u0096Wáê§ZA*Ó\u001fÔà}¤Zwß\u009eÑ!=§á\"9àéÒ\u0003\u0084ø+\u009dC\\Å\b:à(\u0086=G¯|LîÇàºáY]\u001ez\fÞRi×f¼&»\u0099NÂi`à\u0098¹?¶¦\u000f\u0090,ÍðÃî\u0088«cHg·ä\u0016aT\u0007¸gæI\u00124\u0000ËFzx\u0006)Ô\u009eìSy}?¯H#g§Á\u0089%6eftÎç\u0098g~\"¬
>  
> fs\u000fç\u001c\u0088¥H\u0005<\u0099\u0017Ê\u009d\u0090\u009a7£0\u009f\u0005bcîfe¿\u0003Õä\\]g=Ùú
>  
> ùWÛKIÀb\u0012\u001fãäEý45Ï\u0002¢!Òp\u00ad\u009dÂÃ\u001bïé÷3Ã\u0088\u001aõòÈ|ÉÔW\u0095\u009e\u0091\u001c¡¢\u0093ój3-t»\u001fÉ>\u0083\u0018ï\u0004#\u0001l\u0080ÎH\u008c¸TïFÄàúU\u008cå\u008dß\u001a×\u0097&¼\\\u009dh8Ð1\u008fzráp£¥\u000bòÐK!8\r\f{\u0016\u0087\u009dvßAÁ\u0012Ó[\u0088\u0085ö\u001d\u009fdN÷\u001c¶«=J\u000eË\u009aqêi3ÆX\u009eÑ{fh{u-^\t\u001b\fLL©È:b\u0089\u0000-\u0017Ð|-ý5=\u0013ÒVó\u00034Ãö1¥\\§,á¸d`@\u0082A(Õ\u0013£\u0097é\u009f¡Y\u008e\u009e\u0092º{¹\u0012\u0084YT\u0002`\u0089\u0086çdÕ`x§³4\u0095\u0085×q\u00188º\\:\u0086×B`ê0\\$\u0007\u0001&K\u0004õ\u007fBhb\u009cÆ\u008a\u0081£&¬M/\u0091a\u001b\u0094\u009c&\rH\u009b\u0085È*&\u0082\u001b\u0088¹B\u009b²\u00887YÃ4I¯\u0091\u0012Ú4\u0088Ô
>  
> (\u0090\u0081÷À²ü\u000eg4!æÅðÆb\u009cë\f4Ð",
>     "salt": 
> "̀\u001bŻ\ufffdO밗\ufffd8:f\u0019\ufffd\t\ufffd\ufffdK\u0017\t\u001e+\ufffd\ufffdg\ufffd'\u0007\u0005\ufffd",
>     "email": "[email protected]",
>     "username": "example",
>     "_id": ObjectID("5008211ebcbc1db940000001")
> }
>
> On Friday, 20 July 2012 07:00:19 UTC+2, Isaac Schlueter wrote:
>>
>> Silly question... Are you using the same salt each time?  It looks here 
>> like you're randomly generating it and not saving it. 
>>
>> On Thursday, July 19, 2012, kyogron wrote:
>>
>>> Hello,
>>>
>>> I use following snippet to hash a user password:
>>>
>>>     var crypto = require('crypto');
>>>
>>>     // 32 random bytes for the per-user salt
>>>     crypto.randomBytes(32, function(err, buf) {
>>>
>>>         if (err) throw err;
>>>
>>>         user.salt = buf;
>>>
>>>         // 25000 iterations, 512-byte derived key
>>>         crypto.pbkdf2(req.body.password, user.salt, 25000, 512, function(err, encodedPassword) {
>>>
>>>             if (err) throw err;
>>>
>>>             user.password = encodedPassword;
>>>
>>>             user.save(function(err, user) {
>>>
>>>                 // a failed save is reported as HTTP 500
>>>                 if (err) return res.send(err, 500);
>>>
>>>                 return res.json(user);
>>>
>>>             });
>>>         }.bind(this));
>>>
>>>     });
>>>
>>>
>>> With buf.toString('base64') I can successfully encode the salt from a 
>>> bin buffer object to a string. The same unfortunately doesn't work on the 
>>> derivedKey of pbkdf2.
>>> This is some binary string which I can save to mongodb but I can't 
>>> rebuild it (hashing the user's login password gets always a different key).
>>>
>>> So how can I encode the derivedKey of pbkdf2 to a string usable in 
>>> JavaScript (e.g. base64 or utf-8)?
>>>
>>> Regards
>>>
>>> -- 
>>> Job Board: http://jobs.nodejs.org/
>>> Posting guidelines: 
>>> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>>> You received this message because you are subscribed to the Google
>>> Groups "nodejs" group.
>>> To post to this group, send email to [email protected]
>>> To unsubscribe from this group, send email to
>>> [email protected]
>>> For more options, visit this group at
>>> http://groups.google.com/group/nodejs?hl=en?hl=en
>>>
>>
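
Added example, not code from any participant in this thread: one way to store the PBKDF2 salt and derived key as base64 strings and verify a login by comparing bytes rather than strings, with a helper showing that a UTF-8 round trip of raw bytes is lossy while base64 is not. The iteration count and key length are the ones in the original post; the `sha512` digest, the function names and the sample inputs are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Parameters from the original post. The digest is an assumption: current
// Node.js requires one, and the post (2012 API) does not name any.
const ITERATIONS = 25000;
const KEY_LENGTH = 512;
const DIGEST = 'sha512';

// Returns the record to persist: both fields are plain base64 strings.
function hashPassword(password) {
  const salt = crypto.randomBytes(32);
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, KEY_LENGTH, DIGEST);
  return { salt: salt.toString('base64'), password: key.toString('base64') };
}

// Re-derives the key with the stored salt and compares the raw bytes.
function verifyPassword(candidate, record) {
  const salt = Buffer.from(record.salt, 'base64');
  const expected = Buffer.from(record.password, 'base64');
  const actual = crypto.pbkdf2Sync(candidate, salt, ITERATIONS, expected.length, DIGEST);
  // timingSafeEqual throws on unequal lengths; both are expected.length here.
  return crypto.timingSafeEqual(actual, expected);
}

// Shows why keeping raw bytes in a text string loses data: byte sequences
// that are not valid UTF-8 decode to U+FFFD and cannot be rebuilt.
function survivesRoundTrip(bytes, encoding) {
  const restored = Buffer.from(bytes.toString(encoding), encoding);
  return restored.equals(bytes);
}

// Constructed sample inputs, not data from the thread.
const record = hashPassword('correct horse battery staple');
console.log('right password:', verifyPassword('correct horse battery staple', record));
console.log('wrong password:', verifyPassword('wrong password', record));

const sample = Buffer.from([0x0f, 0xf0, 0x4d, 0xdc, 0x01, 0x7c, 0xb0, 0xa6]);
console.log('utf8 round trip intact:', survivesRoundTrip(sample, 'utf8'));
console.log('base64 round trip intact:', survivesRoundTrip(sample, 'base64'));
```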
