As you can see below, my php implementation produces different key than JS version (running on Extend Script if that makes any difference). PHP side uses default hash_pbkdf2, JS side uses CryptoJS library. Both use SHA256.
Am I missing something here?
PHP side
$salt = CryptoLib::randomString(128/8);
$password = "test";
$hasher = "sha256";
$iterations = 1000;
$outsize = 256;
$key = hash_pbkdf2($hasher, $password, $salt, $iterations, $outsize/8, true);
$key = bin2hex($key);
salt output: 523554455475374b5942304448317468
key output: cfb478a18d08030fe97beed34fd2da3abf89bb7975ffdaae9e39102a3b2ea1a2
JS side
var salt = "523554455475374b5942304448317468";
var password = "test";
var iterations = 1000;
var keySize = 256;
var key = CryptoJS.PBKDF2(password, salt, {keySize: 256/32, iterations: 1000, hasher:CryptoJS.algo.SHA256});
key output: 1264aa07aeab3cf93d4ee86a074697165efffe4914ce98e6d6efd7f28c371b97
It turned out to be a problem with ExtendScript. If you're using minified versions of CryptoJS, make sure you switch to full js versions because for some reason ExtendScript will generate different values:
Example:
with minified Base64 CryptoJS module included:
salt.toString(CryptoJS.enc.Base64)
= ADAASDASHFDSFKSD/ASDAHSDJAGLDFblablabla
with full Base64 CryptoJS module included:
salt.toString(CryptoJS.enc.Base64)
= Zl0gFqZIc3CczOo/FBlNSn3NPAAsw=