I am trying to implement an authentication protocol (RFC 5802 - Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms).
I am at the point where I salt a password with sha256.
I have a third-party JavaScript client that does the same thing, i.e. it does
console.log("iterations: " + iterations);
console.log("salt: " + salt);
console.log("password: " + password);
console.log("keyBits / 8: " + keyBits / 8);
// pbkdf2_hmac_sha256 comes from the third-party client library
var saltedPassword = crypto.pbkdf2_hmac_sha256(password, salt, iterations, keyBits / 8);
// print the derived key as hex
console.log("saltedPassword: " + Buffer.from(saltedPassword, 'utf8').toString('hex'));
This produces the result
base64_salt: SHdiM1g3K0paRHZWSjlPT3JYMmh1ZlJBZm8wTzFB
iterations: 10000
salt: Hwb3X7+JZDvVJ9OOrX2hufRAfo0O1A
password: pencil
keyBits / 8: 32
saltedPassword: 6cc28d45c29e24c296c2a641c3a0c2bcc3bb28200cc2bf1b5fc3a008c28234c2a1c3863ec38355c286c3b2c39671c2bfc3b5
In my Rust code I am using the openssl crate and have code like
use openssl::hash::MessageDigest;
use openssl::pkcs5::pbkdf2_hmac;
use std::str;

let digest: MessageDigest = MessageDigest::sha256();
let mut salted_password: [u8; 32] = [0; 32];
println!("password: {:?}", password);
println!("salt: {:?}", str::from_utf8(&salt).unwrap());
println!("salt: {}", str::from_utf8(&salt).unwrap());
// PBKDF2-HMAC-SHA256, 10000 iterations, 32-byte output written into salted_password
pbkdf2_hmac(password.as_bytes(), &salt, 10000, digest, &mut salted_password).unwrap();
println!("salted_password: {:x?}", salted_password);
This produces
password: "pencil"
salt: "Hwb3X7+JZDvVJ9OOrX2hufRAfo0O1A"
salted_password: [6c, 8d, 45, 9e, 24, 96, a6, 41, e0, bc, fb, 28, 20, c, bf, 1b, 5f, e0, 8, 82, 34, a1, c6, 3e, c3, 55, 86, f2, d6, 71, bf, f5]
The password, salt and iterations seem consistent.
The results have some similarity but don't match.
Can anyone offer a reason why?
Thanks