Clever Geek Handbook

Is binary hashing possible with CryptoJS?

I want to create a HOTP client using javascript like SpeakEasy

The above library is for server side JavaScript and uses NodeJS.

I want to do the same in javascript in a frontend in a browser, but I was unable to use CryptoJS to achieve this behavior.

         var key = "abc";
         var counter = "123";

         // create an octet array from the counter
         var octet_array = new Array(8);

         var counter_temp = counter;

         for (var i = 0; i < 8; i++) {
             var i_from_right = 7 - i;

             // mask 255 over number to get last 8
             octet_array[i_from_right] = counter_temp & 255;

             // shift 8 and get ready to loop over the next batch of 8
             counter_temp = counter_temp >> 8;
         }

        // There is no such class called as Buffer on Browsers (its node js)
         var counter_buffer = new Buffer(octet_array);

         var hash = CryptoJS.HmacSHA1(key,counter_buffer);

         document.write("hex value "+ hash);
         document.write("hash value "+    CryptoJS.enc.Hex.stringify(hash));

I know it is possible on a native platform like java (android) or object c (ios) Here is the corresponding HOTP implementation in Objective C , but I doubt it is possible to do it on a web interface.

Also, I very much doubt that such a thing is safe in a browser, because javascript is viewable in any browser. Any suggestions might be helpful. I am doing this for POC. I'm curious if anyone has used Hotp on a web platform.

+3


source to share


2 answers


There is no language that supports binary strings of data in code. You need to encode the binary data in some format like Hex or Base64 and let CryptoJS decode it into its own internal binary format, which you can then pass to various CryptoJS functions:

var wordArrayFromUtf = CryptoJS.enc.Utf8.parse("test");
var wordArrayFromHex = CryptoJS.enc.Hex.parse("74657374"); // "test"
var wordArrayFromB64 = CryptoJS.enc.Base64.parse("dGVzdA=="); // "test"

Other functions:



wordArrayFromHex.toString(CryptoJS.enc.Utf8)  // "test"
CryptoJS.enc.Utf8.stringify(wordArrayFromB64) // "test"

If you pass a string to a CrypoJS function (not here), it will be treated as a Utf8 encoded string. If you don't want that, you need to decode it yourself.

+3


source


The code http://caligatio.github.io/jsSHA/ works great for SHA-512

.

Dropping the .js files, look in your test / test.html at line 515. It might look like a string to you, but it's binary hex.



So their input is binary, which is error-free. Don't get hung up on the fact that he is sitting in a big rope.

+1


source






More articles:


All Articles