Skip to content

Commit 421dd53

Browse files
evanvosbergevanvosberg
committed
Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.
1 parent d1f4f4d commit 421dd53

File tree

3 files changed

+20
-20
lines changed

3 files changed

+20
-20
lines changed

grunt/config/modularize.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ module.exports = {
9191
},
9292
"pbkdf2": {
9393
"exports": "CryptoJS.PBKDF2",
94-
"components": ["core", "sha1", "hmac", "pbkdf2"]
94+
"components": ["core", "sha256", "hmac", "pbkdf2"]
9595
},
9696
"evpkdf": {
9797
"exports": "CryptoJS.EvpKDF",

src/pbkdf2.js

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
var Base = C_lib.Base;
66
var WordArray = C_lib.WordArray;
77
var C_algo = C.algo;
8-
var SHA1 = C_algo.SHA1;
8+
var SHA256 = C_algo.SHA256;
99
var HMAC = C_algo.HMAC;
1010

1111
/**
@@ -16,13 +16,13 @@
1616
* Configuration options.
1717
*
1818
* @property {number} keySize The key size in words to generate. Default: 4 (128 bits)
19-
* @property {Hasher} hasher The hasher to use. Default: SHA1
20-
* @property {number} iterations The number of iterations to perform. Default: 1
19+
* @property {Hasher} hasher The hasher to use. Default: SHA256
20+
* @property {number} iterations The number of iterations to perform. Default: 250000
2121
*/
2222
cfg: Base.extend({
2323
keySize: 128/32,
24-
hasher: SHA1,
25-
iterations: 1
24+
hasher: SHA256,
25+
iterations: 250000
2626
}),
2727

2828
/**

test/pbkdf2-test.js

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -5,59 +5,59 @@ YUI.add('algo-pbkdf2-test', function (Y) {
55
name: 'PBKDF2',
66

77
testKeySize128: function () {
8-
Y.Assert.areEqual('cdedb5281bb2f801565a1122b2563515', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32 }).toString());
8+
Y.Assert.areEqual('62929ab995a1111c75c37bc562261ea3', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32 }).toString());
99
},
1010

1111
testKeySize256: function () {
12-
Y.Assert.areEqual('cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32 }).toString());
12+
Y.Assert.areEqual('62929ab995a1111c75c37bc562261ea3fb3cdc7e725c4ca87c03cec5bb7663e1', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32 }).toString());
1313
},
1414

1515
testKeySize128Iterations2: function () {
16-
Y.Assert.areEqual('01dbee7f4a9e243e988b62c73cda935d', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32, iterations: 2 }).toString());
16+
Y.Assert.areEqual('262fb72ea65b44ab5ceba7f8c8bfa781', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32, iterations: 2 }).toString());
1717
},
1818

1919
testKeySize256Iterations2: function () {
20-
Y.Assert.areEqual('01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32, iterations: 2 }).toString());
20+
Y.Assert.areEqual('262fb72ea65b44ab5ceba7f8c8bfa7815ff9939204eb7357a59a75877d745777', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32, iterations: 2 }).toString());
2121
},
2222

2323
testKeySize128Iterations1200: function () {
24-
Y.Assert.areEqual('5c08eb61fdf71e4e4ec3cf6ba1f5512b', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32, iterations: 1200 }).toString());
24+
Y.Assert.areEqual('c76a982415f1acc71dc197273c5b6ada', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32, iterations: 1200 }).toString());
2525
},
2626

2727
testKeySize256Iterations1200: function () {
28-
Y.Assert.areEqual('5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32, iterations: 1200 }).toString());
28+
Y.Assert.areEqual('c76a982415f1acc71dc197273c5b6ada32f62915ed461718aad32843762433fa', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32, iterations: 1200 }).toString());
2929
},
3030

3131
testKeySize128Iterations5: function () {
32-
Y.Assert.areEqual('d1daa78615f287e6a1c8b120d7062a49', C.PBKDF2('password', C.enc.Hex.parse('1234567878563412'), { keySize: 128/32, iterations: 5 }).toString());
32+
Y.Assert.areEqual('74e98b2e9eeddaab3113c1efc6d82b07', C.PBKDF2('password', C.enc.Hex.parse('1234567878563412'), { keySize: 128/32, iterations: 5 }).toString());
3333
},
3434

3535
testKeySize256Iterations5: function () {
36-
Y.Assert.areEqual('d1daa78615f287e6a1c8b120d7062a493f98d203e6be49a6adf4fa574b6e64ee', C.PBKDF2('password', C.enc.Hex.parse('1234567878563412'), { keySize: 256/32, iterations: 5 }).toString());
36+
Y.Assert.areEqual('74e98b2e9eeddaab3113c1efc6d82b073c4860195b3e0737fa21a4778f376321', C.PBKDF2('password', C.enc.Hex.parse('1234567878563412'), { keySize: 256/32, iterations: 5 }).toString());
3737
},
3838

3939
testKeySize128Iterations1200PassPhraseEqualsBlockSize: function () {
40-
Y.Assert.areEqual('139c30c0966bc32ba55fdbf212530ac9', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase equals block size', { keySize: 128/32, iterations: 1200 }).toString());
40+
Y.Assert.areEqual('c1dfb29a4d2f2fb67c6f78d074d66367', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase equals block size', { keySize: 128/32, iterations: 1200 }).toString());
4141
},
4242

4343
testKeySize256Iterations1200PassPhraseEqualsBlockSize: function () {
44-
Y.Assert.areEqual('139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase equals block size', { keySize: 256/32, iterations: 1200 }).toString());
44+
Y.Assert.areEqual('c1dfb29a4d2f2fb67c6f78d074d663671e6fd4da1e598572b1fecf256cb7cf61', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase equals block size', { keySize: 256/32, iterations: 1200 }).toString());
4545
},
4646

4747
testKeySize128Iterations1200PassPhraseExceedsBlockSize: function () {
48-
Y.Assert.areEqual('9ccad6d468770cd51b10e6a68721be61', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase exceeds block size', { keySize: 128/32, iterations: 1200 }).toString());
48+
Y.Assert.areEqual('22344bc4b6e32675a8090f3ea80be01d', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase exceeds block size', { keySize: 128/32, iterations: 1200 }).toString());
4949
},
5050

5151
testKeySize256Iterations1200PassPhraseExceedsBlockSize: function () {
52-
Y.Assert.areEqual('9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase exceeds block size', { keySize: 256/32, iterations: 1200 }).toString());
52+
Y.Assert.areEqual('22344bc4b6e32675a8090f3ea80be01d5f95126a2cddc3facc4a5e6dca04ec58', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase exceeds block size', { keySize: 256/32, iterations: 1200 }).toString());
5353
},
5454

5555
testKeySize128Iterations50: function () {
56-
Y.Assert.areEqual('6b9cf26d45455a43a5b8bb276a403b39', C.PBKDF2(C.enc.Hex.parse('f09d849e'), 'EXAMPLE.COMpianist', { keySize: 128/32, iterations: 50 }).toString());
56+
Y.Assert.areEqual('44b0781253db3141ac4174af29325818', C.PBKDF2(C.enc.Hex.parse('f09d849e'), 'EXAMPLE.COMpianist', { keySize: 128/32, iterations: 50 }).toString());
5757
},
5858

5959
testKeySize256Iterations50: function () {
60-
Y.Assert.areEqual('6b9cf26d45455a43a5b8bb276a403b39e7fe37a0c41e02c281ff3069e1e94f52', C.PBKDF2(C.enc.Hex.parse('f09d849e'), 'EXAMPLE.COMpianist', { keySize: 256/32, iterations: 50 }).toString());
60+
Y.Assert.areEqual('44b0781253db3141ac4174af29325818584698d507a79f9879033dec308a2b77', C.PBKDF2(C.enc.Hex.parse('f09d849e'), 'EXAMPLE.COMpianist', { keySize: 256/32, iterations: 50 }).toString());
6161
},
6262

6363
testInputIntegrity: function () {

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy