Confused by QPasswordDigestor::deriveKeyPbkdf2 when trying to replicate Crypto-JS derived keys

TiagoSD

Hello, I am developing a Qt application that has to access a system where the apsswords were stored with Crypto-js derived hashes from the form :

Crypto.PBKDF2('water', 'saltsaltsalt' ,{keySize:8, iterations:10000}).toString()

on this fake data case resulting: 04b72ee92a8850bfdbe7cf801348a6701d11931702dcecad52f0b3351bedd01c

I am trying to replicate the same password hashing with QT using:

auto iterations = 10000;
    auto keyLen = 8;
    auto res = QPasswordDigestor::deriveKeyPbkdf2(QCryptographicHash::Algorithm::Sha1,
                                                  QString("water").toUtf8(),
                                                  QString("saltsaltsalt").toUtf8(),
                               iterations,keyLen);
    qDebug()<<res;

    auto result = res.toBase64();

but QT implementation returns me "BLcu6SqIUL8="

That is not even the same length of the derived key. I think the algorithm should be standard and I could expect the same results but they are nowhere alike.

Does anyone had any experience on trying to replicate Crypto-JS derived keys using QT implementation that could point me what I am missing?

Christian Ehrlicher

Looks fine for me:

See the documentation: "The function takes the data and salt, and then hashes it repeatedly for iterations iterations using the specified hash algorithm. If the resulting hash is longer than dkLen then it is truncated before it is returned."

auto key1 = QByteArray::fromHex("04b72ee92a8850bfdbe7cf801348a6701d11931702dcecad52f0b3351bedd01c");
auto key2 = QByteArray::fromBase64("BLcu6SqIUL8=");
auto key2Hex = key2 .toHex(); // --> 04b72ee92a8850bf = 8 bytes