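I am building an API and I am having trouble generating the hash on the client side: CryptoJS produces different hashes for the same input values.
My JS function does this: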
console.log(" username: '" + $rootScope.username + "'");
console.log("timestamp: '" + timestamp + "'");
console.log(" request: '" + req + "'");
console.log(" entropy: '" + "dragonsahead" + "'");
console.log(" password: '" + $rootScope.password + "'");
var message = $rootScope.username+timestamp+req+"dragonsahead";
console.log(" message: '" + message +"'");
var hash = CryptoJS.HmacSHA1(message, $rootScope.password).toString();
console.log(" HASH: '" + hash + "'");
return hash;
$rootScope.username and $rootScope.password are user input.
JS log:
username: 'admin'
timestamp: '1394643128.478'
request: '/login'
entropy: 'dragonsahead'
password: 'e1a47a0407d876c8187b1e984a6813abde8160af'
message: 'admin1394643128.478/logindragonsahead'
HASH: '5061875265279c7378c95c9536feade1c610492d'
I can see in the server-side log that the hashes do not match. PHP server log:
2014-03-12 16:52:08 - INFO --> username: 'admin'
2014-03-12 16:52:08 - INFO --> timestamp: '1394643128.478'
2014-03-12 16:52:08 - INFO --> request: '/login'
2014-03-12 16:52:08 - INFO --> entropy: 'dragonsahead'
2014-03-12 16:52:08 - INFO --> password: 'e1a47a0407d876c8187b1e984a6813abde8160af'
2014-03-12 16:52:08 - INFO --> message: 'admin1394643128.478/logindragonsahead'
2014-03-12 16:52:08 - INFO --> HASH: '4c34a29aa05059d5016bd74796407de3d2e5428c'
2014-03-12 16:52:08 - INFO -->CLIENTOKEN: '5061875265279c7378c95c9536feade1c610492d'
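After this I checked on this site, and the hash built by the server is the correct one. So I decided to load CryptoJS into a blank page (Google, for example) to see what happens: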
> var jq = document.createElement('script');
> jq.src = "https://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha1.js";
> document.getElementsByTagName('head')[0].appendChild(jq);
<script src="https://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha1.js"></script>
>var test = CryptoJS.HmacSHA1("admin1394643128.478/logindragonsahead",'e1a47a0407d876c8187b1e984a6813abde8160af')
undefined
>test.toString()
"4c34a29aa05059d5016bd74796407de3d2e5428c"
Since CryptoJS returns the correct hash, it can only be that I am messing up my JavaScript vars. I don't know what could be messing up my variables...
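The logs in the question print every input through string concatenation, which hides the type and raw bytes of the HMAC key. The following is an added example, not the poster's code: it uses Node's built-in crypto module rather than CryptoJS, rebuilds the token from the logged values, and shows that a key held as 40 hex characters and the same key held as 20 raw bytes log identically yet sign differently. The raw-byte key is an assumed variant for illustration, not a diagnosis taken from the page; the function names are hypothetical.

```javascript
// Added example (not the poster's code). Node's built-in crypto is used
// in place of CryptoJS; input values are the ones printed in the logs above.
const crypto = require('crypto');

// Token as described in the post:
// HMAC-SHA1(username + timestamp + request + entropy, key), hex encoded.
function requestToken(username, timestamp, request, entropy, key) {
  const message = username + timestamp + request + entropy;
  return crypto.createHmac('sha1', key).update(message, 'utf8').digest('hex');
}

// Report type and raw bytes of a value, which "'" + value + "'" cannot show.
function describe(value) {
  if (Buffer.isBuffer(value)) {
    return { type: 'Buffer', bytes: value.length, hex: value.toString('hex') };
  }
  const buf = Buffer.from(String(value), 'utf8');
  return { type: typeof value, bytes: buf.length, hex: buf.toString('hex') };
}

// Constant-time comparison for the server-side check of a client token.
function tokensMatch(expectedHex, receivedHex) {
  const a = Buffer.from(expectedHex, 'hex');
  const b = Buffer.from(receivedHex, 'hex');
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

const keyHex = 'e1a47a0407d876c8187b1e984a6813abde8160af';
const keyAsText = keyHex;                       // 40 ASCII characters
const keyAsBytes = Buffer.from(keyHex, 'hex');  // 20 raw bytes (assumed variant)

const args = ['admin', '1394643128.478', '/login', 'dragonsahead'];
const tokenText = requestToken(...args, keyAsText);
const tokenBytes = requestToken(...args, keyAsBytes);

// Both keys produce the same log line when concatenated into a string...
console.log("password: '" + keyAsText + "'");
console.log("password: '" + keyAsBytes.toString('hex') + "'");
// ...but they are different HMAC keys and yield different tokens.
console.log(describe(keyAsText), tokenText);
console.log(describe(keyAsBytes), tokenBytes);
console.log('tokens match:', tokensMatch(tokenText, tokenBytes));
```

Logging `describe(key)` and `describe(message)` on both client and server compares what is actually fed to the HMAC, not just its printed form.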