Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PBKDF2 + RIPEMD160 incorrect result #412

Open
guidovranken opened this issue Feb 22, 2020 · 0 comments
Open

PBKDF2 + RIPEMD160 incorrect result #412

guidovranken opened this issue Feb 22, 2020 · 0 comments

Comments

@guidovranken
Copy link 

{
    var iterations = 2;
    var keySize = 147;
    var password = sjcl.codec.hex.toBits("00");
    var salt = sjcl.codec.hex.toBits("006ab795cd7d");

    var digestFn = sjcl.hash.ripemd160;

    var hmac = function (key) {
        var hasher = new sjcl.misc.hmac(key, digestFn);
        this.encrypt = function () {
            return hasher.encrypt.apply(hasher, arguments);
        };
    };

    var derivedKey = sjcl.misc.pbkdf2(password, salt, iterations, keySize * 8, hmac);

    console.log(sjcl.codec.hex.fromBits(derivedKey));
}

Expected result:

bed0d4b1e9909ff4239fc6e010ebae803d1503f1e5deac97891e18c6ae7207377f1756741d5f54964251e48927861f01e633226ab89cd54768b9a89c737ae3c42791ebe6936b146b96fdb4448e6fa6b093d6aef78d86dbcd960fd3cfd111fcaeb1559461aa336d92925735e5bdad560542245ff6910c9b002c6bd3ae9f9a80a5bd44f8a5f80645ebe1fbd51d75675d6a27d67e

Actual result

7815e14e4b1e0a60301a2fd1fad378de3fa99acdc2ed9c2e2b6870a5c1940e1607b87cd5441b11314e7301d098231420ec08bb45c1a94f8347befad2ff163b726e2e0c1a85917d2e309b0037125efb430ead1bd48f2499c77adc32a734aea303b86bee18963a035a2dea7508cc5ec91fdc500d9349b4f53b6ea21bfa798f8465c7cb2eed618b6cf0238e6bbdf332ab4edce92c

Reproducer for Botan

#include <botan/pbkdf.h>
#include <botan/pwdhash.h>
#include <string>
#include <stdlib.h>

#define CF_CHECK_NE(expr, res) if ( (expr) == (res) ) { goto end; }

int main(int argc, char** argv)
{
    const size_t size = 147;
    unsigned char* out = (uint8_t*)malloc(size);
    const uint8_t _password[] = {0x00};
    const uint8_t _salt[] = {0x00, 0x6a, 0xb7, 0x95, 0xcd, 0x7d};
    const std::string password(_password, _password + sizeof(_password));
    const std::string salt(_salt, _salt + sizeof(_salt));

    try {
        std::unique_ptr<::Botan::PasswordHashFamily> pwdhash_fam = nullptr;
        std::unique_ptr<::Botan::PasswordHash> pwdhash = nullptr;

        CF_CHECK_NE(pwdhash_fam = ::Botan::PasswordHashFamily::create("PBKDF2(RIPEMD-160)"), nullptr);

        CF_CHECK_NE(pwdhash = pwdhash_fam->from_params(2), nullptr);

        pwdhash->derive_key(
                out,
                size,
                password.data(),
                password.size(),
                (const uint8_t*)salt.data(),
                salt.size());

        for (size_t i = 0; i < size; i++) {
            printf("%02x", out[i]);
        }
        printf("\n");

    } catch ( ... ) { }

    free(out);
end:
    return 0;
}

Reproducer for OpenSSL

#include <openssl/evp.h>
int main(void)
{ 
    unsigned char out[147];
    const unsigned char password[] = {0x00};
    const unsigned char salt[] = {0x00, 0x6a, 0xb7, 0x95, 0xcd, 0x7d};
    if ( PKCS5_PBKDF2_HMAC((const char*)password, sizeof(password),
            salt, sizeof(salt), 2,
            EVP_ripemd160(),
            147, out) == 1 ) {
        for (size_t i = 0; i < sizeof(out); i++) {
            printf("%02x", out[i]);
        }
        printf("\n");
    }

    return 0;
}

May be related to #410
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@guidovranken