Node: crypto sha1 returns different value in nodejs 6.0.0
- Version: 6.0.0
- Platform: Windows 10 64bit
- Subsystem:
Hello, it's great for me to update to nodejs 6.0, but i found crypto-sha1 behaved strangely.
Code:
var sha1 = crypto.createHash('sha1');
sha1
.update('鍠笛傖儠讜3转鍙靶告唫3醿涐儦c80be5b88d258eec1dfb09bd6a27b990249a28dd94efa9af55dbb01c0be24114')
.digest('hex');
in nodejs 0.12.x - 5.x, it returns 81737baa0e0985d054d58fa43d6746549134d956; (tested in 5.10.1)
but in nodejs 6.0.0, it returns b0d4ca8a57a82807f4c0b6309d10565c5a506ec7
This change is a terrible thing for me, because i use sha1 to store accounts' password.
Why it is? And what should i do to fix my password store?
Icemic
All 3 comments
It's because of https://github.com/nodejs/node/commit/b010c8716498dca398e61c388859fea92296feb3
The default character encoding was changed. To get the pre v6.0.0 hash, use:
sha1.update('鍠笛傖儠讜3转鍙靶告唫3醿涐儦c80be5b88d258eec1dfb09bd6a27b990249a28dd94efa9af55dbb01c0be24114','binary').digest('hex')
Produces: '81737baa0e0985d054d58fa43d6746549134d956'
Note the added 'binary' argument indicating that this is to be interpreted as binary (and not utf8).
jasnell
on 30 Apr 2016
btw, in general, you should not use sha1 for password storage. You should be looking at https://nodejs.org/dist/latest-v6.x/docs/api/crypto.html#crypto_crypto_pbkdf2_password_salt_iterations_keylen_digest_callback
jasnell
on 30 Apr 2016
Solved, thanks. It seems that I made a big mistake long ago...
and thank you for your advice!
Icemic
on 30 Apr 2016
Related issues
addaleax
路
3Comments
styfle
路
3Comments
mcollina
路
3Comments
Brekmister
路
3Comments
dfahlander
路
3Comments
Most helpful comment
It's because of https://github.com/nodejs/node/commit/b010c8716498dca398e61c388859fea92296feb3
The default character encoding was changed. To get the pre v6.0.0 hash, use:
Produces:
'81737baa0e0985d054d58fa43d6746549134d956'Note the added
'binary'argument indicating that this is to be interpreted as binary (and not utf8).