Yes, the buffers will be identical.
danmilon.
On 02/01/2013 12:41 AM, Harald Hanche-Olsen wrote:
> I'd like to store user password hashes in a database.
>
> When a new password is created, I get some bytes from
> crypto.randombytes to use as salt, then feed the salt and password to
> crypto.pbkdf2 (along with an iteration count and size).
>
> I convert the salt with salt.toString('base64') in order to save it in
> the password database.
>
> I have noticed that the resulting key from pbkdf2 is essentially a
> binary coded string; so convert it using
> new Buffer(derivedKey,'binary').toString('base64')
> before saving it to the database.
>
> However, I see that the crypto API is going to change to using buffers
> rather than binary encoded strings. Also, the 'binary' encoding is
> going away.
>
> That is fine and well, but what do I need to do to ensure that the
> password hashes will be the same after the crypto API changes?
>
> I understand I will have to rewrite the code, of course, but I want to
> be able to use the same old hashes so that the password database can
> still be used.
>
> Can I expect the future crypto.pbkdf2 to produce a buffer identical to
> today's new Buffer(derivedKey,'binary')?
>
> Also, what is most future proof – to feed the binary salt as a buffer
> to pbkdf2, or the stringified version thereof?
>
> - Harald
>
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to nodejs@googlegroups.com
To unsubscribe from this group, send email to
nodejs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to nodejs+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
