I would like to replicate the following PHP code in JS:
$salted = $raw_pass."{".$salt."}";
$iterations = 5000;
$digest = hash('sha512', $salted, true);
// "stretch" hash
for ($i = 0; $i < $iterations; $i++) {
$digest = hash('sha512', $digest.$salted, true);
}
return base64_encode($digest);
It's creating a hash from pass and salt, 5000 iterations. This is actually from Symfony's MessageDigestPasswordEncoder (I changed the code a bit for the sake of example, sorry for possible typos).
I want to replicate this in JavaScript and I did this:
var salted = raw_pass + "{" + salt + "}"
var digest = CryptoJS.SHA512(salted);
for (var i=0;i<5000;i++){
digest = CryptoJS.SHA512(digest+salted);
}
user.password = CryptoJS.enc.Base64.stringify(digest)
Everything works ok when I create digest
(I get the same string on both sides), but after it reiterates, I get different hashes. The symfony side is working, so the problem is somewhere in this JS.
What am I doing wrong?
Later edit:
I think I have an idea why this is not working. digest
is an object and salted
is a string. CryptoJS.SHA512 accepts both, but I don't think digest + salted
is not what is expecting.
I think the problem is that in PHP you initialize the loop in 1
:
for ($i = 1; $i < $iterations; $i++)
but in JavaScript you initialize the loop in 0
:
for (var i=0;i<5000;i++)