Pycryptodome PBKDF2 same password and salt, different hash

I am using PBKDF2 to hash a key challenge (a uuid is generated on the server, encrypted using the user's public key, then the user decrypts the challenge and sends it to the server for api access). When the uuid is generated it is supposed to be hashed, then stored in the db, then when the user sends the decrypted uuid, the server must hash it to compare with the stored hash. When I tested this, the user sends the correct uuid, and the salt is the same (stored alongside the hash), but the hash is different. What could cause this? See code and sample values below.

Hashing function:

import base64

from Crypto.Hash import SHA512
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Random import get_random_bytes

def PBKDF_HASH(salt, plain, length):
    hashed = PBKDF2(plain, salt, length, count=1000000, hmac_hash_module=SHA512)
    print('HASHD: ')
    print(base64.b64encode(hashed))
    return base64.b64encode(hashed) #hash is base64 encode for db storage

Challenge generator:

import secrets

def challengeGenerator():
    uuid = secrets.token_hex(64)
    print(uuid)
    salt = get_random_bytes(64)
    print(salt)
    hash = PBKDF_HASH(salt, uuid, 128)
    #uuid is encrypted and hash + salt are stored in db

User Authentication Test:

    print(user_uuid) #decrypted uuid sent in request
    salt = #salt retrieved from db
    print(salt)
    hash = PBKDF_HASH(salt, user_uuid, 128)
    #hash is compared to the hashed uuid stored in the db

Sample/Test Data:

#From challenge generation

#uuid decrypted
29e9734efcf566fbd35bf0a0ef07dee50e3861b6037f72647d6daab9c3c60f3e7aa163aecc9fd4706cb9bc38ba61bc1c9d7231a8e6c7e149588f922586c25095

#salt (base64)
b'P*\x13B\x9f\xf6"r\xec\x12\x08\xde\x0e\x9aw]\xaa\xa6\xde\xb3\xdb\x0f\xa4\xfa\xab+\x17\xcf\xd7W\xfe\xbe1\x81a\xae\xc3@[!&\xc3\xec\xa3\x15\xa4\x82\x9a\x99\x05\xc6\xa7"o0\x0b\xb4\x05\xf3\xc4\xa4\x91\xd8\xf9'

#uuid hash (base64)
HASHD: 
b'XQna/Lq7xNW5AMOdX5FUrJ9HhJ56s5V/8jQPRRUBNb6GeR6jXeaxr4n0Gzsy0asGctex50cmmVhOKeBHICWSG+UlxXIEuFYu4Pp6LoOoNDydZEKHv09fHfdkMqyaoWOBHrRUDfHFJxiV+60v1HeornKIOpGl0BwDgMgD82RZxoc='


#From user request

#decrypted uuid sent by user
29e9734efcf566fbd35bf0a0ef07dee50e3861b6037f72647d6daab9c3c60f3e7aa163aecc9fd4706cb9bc38ba61bc1c9d7231a8e6c7e149588f922586c25095

#salt as retrieved from db
b'P*\x13B\x9f\xf6"r\xec\x12\x08\xde\x0e\x9aw]\xaa\xa6\xde\xb3\xdb\x0f\xa4\xfa\xab+\x17\xcf\xd7W\xfe\xbe1\x81a\xae\xc3@[!&\xc3\xec\xa3\x15\xa4\x82\x9a\x99\x05\xc6\xa7"o0\x0b\xb4\x05\xf3\xc4\xa4\x91\xd8\xf9'

#hash using info from user and db
HASHD: 
b'j77kBTLGJV+Wrk590hMV0954a0/yqYVY/jGAeNvQwz5DdhGBX8txE3ZpMrqZZUkOjlEHV4KYcc1SVxcPEEEeamKksb2wwPtCkqpOrOZGQgOyVx+q58jtQdT7aahkCeqq+yXu0kzV1qo7hgKFuD/7l9Kivk5AP7R3NKHzN24yOVc='
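An added example, not part of the original question and not the asker's code: a round trip of the challenge flow described above, written with the standard library's `hashlib.pbkdf2_hmac` in place of PyCryptodome's `PBKDF2` so it runs without third-party packages. It shows that PBKDF2 gives the same output only when both code paths feed it byte-identical inputs. The function names, the in-memory `record` standing in for the db row, and the `describe` helper are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ITERATIONS = 1_000_000  # count used in the question
DK_LEN = 128            # derived-key length used in the question


def pbkdf_hash(salt, plain, length=DK_LEN, count=ITERATIONS):
    """PBKDF2-HMAC-SHA512 over exact bytes; returns base64 text for storage."""
    if not isinstance(salt, (bytes, bytearray)):
        # A salt that came back from storage as str is a different input.
        raise TypeError(f"salt must be bytes, got {type(salt).__name__}")
    if isinstance(plain, str):
        plain = plain.encode("utf-8")  # one fixed encoding on both code paths
    derived = hashlib.pbkdf2_hmac("sha512", plain, bytes(salt), count, length)
    return base64.b64encode(derived).decode("ascii")


def new_challenge(count=ITERATIONS):
    """Return (challenge, record); record stands in for the db row."""
    challenge = secrets.token_hex(64)
    salt = secrets.token_bytes(64)
    record = {
        "salt": base64.b64encode(salt).decode("ascii"),  # text-safe column
        "hash": pbkdf_hash(salt, challenge, count=count),
    }
    return challenge, record


def verify_challenge(candidate, record, count=ITERATIONS):
    """Recompute from the stored salt and compare in constant time."""
    salt = base64.b64decode(record["salt"])
    recomputed = pbkdf_hash(salt, candidate, count=count)
    return hmac.compare_digest(recomputed, record["hash"])


def describe(value):
    """Debug aid: type, length and hex of the bytes PBKDF2 would receive."""
    raw = value.encode("utf-8") if isinstance(value, str) else bytes(value)
    return f"{type(value).__name__} len={len(raw)} hex={raw.hex()}"


if __name__ == "__main__":
    challenge, record = new_challenge()
    print(verify_challenge(challenge, record))         # same bytes in
    print(verify_challenge(challenge + "\n", record))  # one extra byte in
    print(describe("ab"), "|", describe("ab\n"))
```

Logging `describe()` of the challenge and salt on both the generation and verification paths exposes differences in type, length or hidden characters that a plain `print()` can hide.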