Wrong SHA256 value returned

Question

Wrong SHA256 value returned

Closed this issue 9 years ago · 4 comments

GoogleCodeExporter commented 9 years ago

Hi,

I have the following JavaScript code:

var hash = CryptoJS.SHA256('\xee').toString();

the expected value of the hash is 

"94455e3ed9f716bea425ef99b51fae47128769a1a0cd04244221e4e14631ab83" 

(I checked it using Python and few online hash calculators.)

Instead I see 

"cf1f17b9f234c4de3653dd94562d3bc86f580ce57db0881c396c1aba7fe17e14"


I am using CryptoJS v3.1.2 on Firefox 15.0 under Linux.

When the hashed string does not contain "\x" escapes the hashing works fine.

Thanks,
Sergiy Galaburda

Original issue reported on code.google.com by sergiy.g...@gmail.com on 11 Feb 2013 at 12:57

Answer 1 · 2016-03-04T12:50:37.000Z

The output you would get from any language or application depends on how it 
converts a character into bytes. Python and the online hash calculators are 
probably treating your input as Latin1. But JavaScript strings are Unicode, and 
every character could be one of more than a million possible characters. To 
accommodate all those possible characters, CryptoJS by default will convert 
strings to UTF-8 bytes. But if you want to get Latin1 bytes instead, you can do 
that too.

var hash = CryptoJS.SHA256( CryptoJS.enc.Latin1.parse('\xee') ).toString();

Original comment by Jeff.Mott.OR on 11 Feb 2013 at 6:03

Answer 2 · 2016-03-04T12:50:37.000Z

Original comment by Jeff.Mott.OR on 12 Feb 2013 at 8:21

Changed state: Invalid

Answer 3 · 2016-03-04T12:50:38.000Z

[deleted comment]

Answer 4 · 2016-03-04T12:50:38.000Z

I don't get the explanation.

var s = '\xee';
s.length;               /*  => 1      */
'0x' + s.charCodeAt(0); /*  => "0xee" */

.. looks good, behaves like binary data.

So if CryptoJS.SHA256 is somehow converting it to UTF-8 before the hashing (and 
then back to bytes?), it is doing nonsense, in my humble opinion.

Original comment by michal.b...@gmail.com on 19 Sep 2014 at 2:54