Help with SHA1 using Pbkdf2_elixir library

Hi everybody!

I’m building an Elixir/Phoenix API and need to reproduce the hashing process that I currently have on my C# api, that is based on the class Rfc2898DeriveBytes .

This class is similar to the pbkdf2 elixir library (it performs hash basing on a random salt and on a number of rounds) but when hashing the same password the results are not compatible, even if setting same rounds number and output format (encode64, that corresponds to django).
I’m wondering if this is caused by the fact that c# library uses HMAC-SHA1 hash, while pbkdf2 uses SHA256/SHA512 .
Is there a way to obtain the same hash format in output?
Waiting for your help :slight_smile:

Thanks and best regards!

EDIT: here’s the source files for the .net implementation of the pbkdf2, hope they can help as well

2 Likes

It seems the library has a lower-level API which lets you specify the digest function to use.

https://hexdocs.pm/pbkdf2_elixir/Pbkdf2.Base.html#hash_password/3

The Erlang crypto library calls this algo just :sha:

https://erlang.org/doc/man/crypto.html#type-sha1

2 Likes

Hi dom, thanks for your reply.

hash_password is just the method I’m using infact, but it seems that it accepts just sha256 or sha512.
Putting just :sha or :sha1 as digest option always “forwards” the code to the default value (that is sha512).

I’ve checked also the whole code behind the method hash_password and I’m thinking about if it can be somehow different from the c# for what concerns the byte[] operations when performing hashing iterations.

Infact, also using the new Rfc2898DeriveBytes code (that accepts SHA256 hashing) on a test C# project leads to a result that is incompatible with Elixir.

Since I’m still an Elixir newbie, can you help me to check if the two codes performs different byte[] operations when doing hash iterations?

Check the issues! Support all hmac hash algorithms that are available in crypto by smt116 · Pull Request #14 · riverrun/pbkdf2_elixir · GitHub

For the result, I don’t know. I’m a C# newbie myself :wink:

Hi dom, thanks for the link!
I will give it a look and let you know if I find out something more :slight_smile: