LambdAuth icon indicating copy to clipboard operation
LambdAuth copied to clipboard

Published 20 hours ago verified publisher icon danilop

digest string in crypto.pbkdf2

Open fabioce opened this issue 6 years ago • 1 comments

I notice an error using the: LambdAuthCreateUser

this piece of code:

crypto.pbkdf2(password, salt, iterations, len, function(err, derivedKey) { if (err) return fn(err); fn(null, salt, derivedKey.toString('base64')); });

don't work if I don't add after len a digest string, for example null

crypto.pbkdf2(password, salt, iterations, len, null, function(err, derivedKey) { if (err) return fn(err); fn(null, salt, derivedKey.toString('base64')); });

Is it just my problem?

fabioce avatar Feb 17 '19 08:02 fabioce

According the Nodejs documentation for pbkdf2 function:

crypto.pbkdf2(password, salt, iterations, keylen, digest, callback) [...] If digest is null, 'sha1' will be used. This behavior is deprecated, please specify a digest explicitly.

So, I think the problem is that init.sh is specifying an old version of Nodejs and in new versions they changed the signature of pbkdf2 function.

https://github.com/danilop/LambdAuth/blob/ef2e82854f66fde2279fb3200cb655c875623180/init.sh#L140-L145

lmiguelmh avatar Nov 10 '19 17:11 lmiguelmh