4

I'm converting an existing php based website to a node.js app, and I need to reproduce this encryption method from php to js.

private static $_passwordSalt = 'd2g6IOP(U(&§)%U§VUIPU(HN%V/§§URerjh0ürfqw4zoöqe54gß0äQ"LOU$3wer'; public static function getCryptedPassword($password = 'password') { return sha1(md5(self::$_passwordSalt.$password)); }

So far I've tried this but it does not return the same results:

UserSchema.methods.hashPassword = function(password) { var salt = 'd2g6IOP(U(&§)%U§VUIPU(HN%V/§§URerjh0ürfqw4zoöqe54gß0äQ"LOU$3wer' var md5Hash = md5(password + salt); var hash = sha1(md5Hash); return hash; };
Improve this question
4
  • 1
    For a start, you're doing md5(salt, password) in your PHP and md5(password, salt) in your JavaScript. Commented Apr 1, 2015 at 12:11
  • ive tried all the different combinations: md5(salt,password),md5(password,salt),sh1(md5,salt),sha1(salt,md5), but still it doesnt work Commented Apr 1, 2015 at 12:18
  • 1
    You shouldn't be using md5 or sha1 or any combination of the two to store passwords. In PHP the best way to store passwords is password_hash() which (currently) uses bcryt. Here's a node.js implementation of bcrypt: github.com/shaneGirish/bcrypt-nodejs Commented Apr 7, 2015 at 19:02
  • You know this is an awful unsecure way to work with passwords? A static salt is actually not a salt, and MD5 is ways too fast to hash passwords, you can brute-force about 8 Giga MD5/s. You should use a slow hash function with a cost factor instead, see the password_hash() function. Commented Apr 29, 2015 at 8:38

5 Answers 5

Reset to default
3

please try these:

 var crypto = require('crypto'); var salt = 'd2g6IOP(U(&§)%U§VUIPU(HN%V/§§URerjh0ürfqw4zoöqe54gß0äQ"LOU$3wer' var password = 'pass'; var hashMd5 = crypto.createHash('md5').update(salt + password).digest("hex"); var hasSha1 = crypto.createHash('sha1').update(hasMd5).digest("hex"); console.log(hashSha1);

as file: hash.js

And as hash.php these code:

<?php $_passwordSalt = 'd2g6IOP(U(&§)%U§VUIPU(HN%V/§§URerjh0ürfqw4zoöqe54gß0äQ"LOU$3wer'; $password = 'pass'; //echo md5("phinware"); echo sha1(md5($_passwordSalt.$password)); echo "\n";

And than execute both files:

  • > php hash.php
  • > node hash.js

My results:

both: 3cbd1242e8e510a16f39d7e0bfd18a0e03d0de3f

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

php:

$a = 'a'; $b = 'b'; echo md5($a.$b);

equals to node.js: 

var crypto = require('crypto'); var a = 'b', b = 'b'; var md5 = crypto.createHash('md5'); md5.update(xml, 'utf8'); md5.update(config.secret, 'utf8'); console.log(md5.digest('hex'));
Improve this answer

Comments

0

Try this using crypto module:

var crypto = require('crypto'); UserSchema.methods.hashPassword = function(password) { var salt = 'd2g6IOP(U(&§)%U§VUIPU(HN%V/§§URerjh0ürfqw4zoöqe54gß0äQ"LOU$3wer'; var hashStr = password + salt; var md5Hash = crypto.createHash('md5').update(hashStr).digest('hex'); var sha1 = crypto.createHash('sha1').update(md5Hash).digest('hex'); console.log(sha1); return sha1; };
Improve this answer

1 Comment

nope, this return a string which has less charecters so i think its wrong. ive tried to wrap this with the sha1 encryption but its still wrong
0

You need to consider that a hash algorithm works on byte values, and you are using string values. This means that encoding will come in to play here, and from what I know PHP uses latin1 by default, while node.js uses utf-8.

crypto.createHash('md5').update(hashStr, 'ascii').digest('hex')

I'm not sure if ascii only handles 7-bit ascii or actual extended charsets like latin1, but it seems to be the only one supported directly in the update() method. If you need to control the extended charset, you should create a Buffer from the correct encoding, and use that as parameter to update() instead. The built in support in node.js is rather limited:

Buffer.isEncoding = function(encoding) { switch ((encoding + '').toLowerCase()) { case 'hex': case 'utf8': case 'utf-8': case 'ascii': case 'binary': case 'base64': case 'ucs2': case 'ucs-2': case 'utf16le': case 'utf-16le': case 'raw': return true; default: return false; } };

And you should consider using some other tool to convert it. This thread (List of encodings that Node.js supports) suggests using iconv or iconv-lite.

Of course, the same applies to SHA1, but since you are using SHA1 on a hex representation of an MD5, it would never fall out of 7-bit ascii (where latin1 and utf-8 would produce the same byte sequence).

Improve this answer

Comments

0

here is the currect solution

var md5 = require('MD5'), sha1 = require('sha1'); var salt = 'd2g6IOP(U(&§)%U§VUIPU(HN%V/§§URerjh0ürfqw4zoöqe54gß0äQ"LOU$3wer'; var hash = sha1(md5(salt+password)); return hash;
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.