Reputation:
mysql password() in js
I would like to generate the mysql-password hash from js.
I know the method with php functions,
$p = "example";
echo("$p<br>");
$p2= sha1($p,true);
echo("$p2<br>"); //ĂI')s~űvŠ-Ëo?
$result = sha1($p2);
echo("$result<br>"); //*57237bb49761f29ab9724ba084e811d70c12393d - this is the same as password("example") in mysql
and I'm trying to do this in javascript.
here is located the sha1 function: http://pajhome.org.uk/crypt/md5/sha1.html
this is the hex2bin function I use to give the same result as sha1("",true);
function hex2bin(hex)
{
var bytes = [], str;
for(var i=0; i< hex.length-1; i+=2)
bytes.push(parseInt(hex.substr(i, 2), 16));
return String.fromCharCode.apply(String, bytes);
}
but at the last step it does not work. What can be the problem?
var p = "example";
console.log(p);
var p2 = hex2bin(hex_sha1(p));
console.log(p); //ÃI')s~ûv©-Ëo? - SEEMS OK
var result = hex_sha1(p2);
console.log(result); //9a5355dce26b1adfa0bdbe9f2b2a6e5ae58e5c9d WRONG
Upvotes: 1
Views: 1969
Answers (3)
Reputation: 934
SOLUTION 2017
Download file 2.5.3-crypto-sha1.js
https://code.google.com/archive/p/crypto-js/downloads
var key = '*' + Crypto.SHA1(Crypto.util.hexToBytes(Crypto.SHA1('test'))).toUpperCase();
key = *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
Test in MySQL
SELECT PASSWORD('test') /* function */
UNION
SELECT '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' /* Key generated by javascript */
UNION
select CONCAT('*', UPPER(SHA1(UNHEX(SHA1('test'))))); /* Logic for Password() function */
Upvotes: 1
Reputation: 181
Use http://code.google.com/p/crypto-js/#SHA-1 with 2 encodings.
Here is an example:
var password = "TestPassword";
var result = ("*"+CryptoJS.SHA1(CryptoJS.SHA1(password))).toUpperCase();
console.log("result : " + result);
Result will be *0F437A73F4E4014091B7360F60CF81271FB73180. If you check it with mysql password() it will be the same:
mysql> select password("TestPassword") as result;
+-------------------------------------------+
| result |
+-------------------------------------------+
| *0F437A73F4E4014091B7360F60CF81271FB73180 |
+-------------------------------------------+
Upvotes: 3
Reputation: 20201
So, in the example above, you are invoking: hex_sha1(hex2bin(hex_sha1(string))). Are you sure that is correct? Why would you need hex_sha1 twice?
Few month ago, I needed SHA1 in my JS and found this: http://phpjs.org/functions/sha1:512
... and it worked pretty ok ;)
The solution (partly):
Well, as you suggested, the main problem was charset encoding. It seems that MySQL does not encode any data prior to hashing it. This does not represent problem when dealing it with hex data, however, MySQL's UNHEX(hex2bin in JS) returns some unreadable chars and if we encode the result using UTF8 that's where all breaks apart.
When I edited JS's SHA1 not to encode data to UTF8 at line (I only commented the line):
str = this.utf8_encode(str);
everything seemed ok. However, as soon as I supplied some UTF8 chars to input (such as Central European chars čćžšđ) it started failing again.
So, bottom line, if you disable UTF8 in JSs SHA1 function and do not supply UTF8 chars on input it works fine.
I'm sure there is a solution to this such as JS function that will decode UTF8 input so, JS could hash it properly.
Upvotes: 0
Related Questions
- MySQL password() function to PHP
- MySQL INSERT SET with PASSWORD()
- How to get the value of mysql.user password
- Use ajax to verify password with javascript prompt
- Password is not being checked
- How to get value of password from MySQL database using PHP
- Confirm password field
- Get the hash of the password with javascript and then send it to the server
- login (php) with javascript
- Using credentials from a mysql table to run javascript scripts