2

cookie compare ::cfe3ca5d662b0252292d4da9e486430fded7311233aa31354997d626ac1cb98caacb16a34b458ab7bb60a9310790524e1f7ef090dfbcfa424e5a03632c1d89eb::.. to ...::cfe3ca5d662b0252292d4da9e486430fded7311233aa31354997d626ac1cb98caacb16a34b458ab7bb60a9310790524e1f7ef090dfbcfa424e5a03632c1d89eb::

test: false

console.log('test: ' + ( hash.digest('hex') === v ));

I've checked typeof are strings and length values are same so no invisible whitespaces or special character tricks. I've tried == and === along with valueOf to be sure. Nothing I try can get these two strings between :: tokens to evaluate as equal or true. I don't get it and I've been doing JS for quite a while.

Jadeye
  • 3,551
  • 4
  • 47
  • 63
pherz
  • 21
  • 1
  • If I store them in individual strings, it returns true. – alDiablo Apr 16 '17 at 11:06
  • Could this have something to do with the encoding of the strings? Check out this answer to a similar problem: http://stackoverflow.com/a/10805884/6287910 – Cheticamp Apr 16 '17 at 11:19
  • Are you sure `hash.digest('hex')` delivers exactly the string you need to compare to? Have you tried dumping it to the console to debug? – KooiInc Apr 16 '17 at 11:41
  • 1
    Is the ellipsis in front of the second string a typo...? – VSO Apr 16 '17 at 15:39
  • @VSO Just asking the same, bcuz for me they've different elements –  Apr 16 '17 at 15:41
  • @Cheticamp It's weird to mention the "encoding" term, but you're right that the elements of String value can be used to represent char codes/code points in a different form. Buuut... they're not commonly used for storing low-level things, using more than one octet to store a char code (16 bits); there are other interfaces for this. When the String comes from a request, for example, the received stream will be that converted String value. –  Apr 16 '17 at 15:50
  • @Matheus I see your point, but the OP didn't really tell us the provenance of his strings. We can just assume. – Cheticamp Apr 16 '17 at 15:57
  • 1
    I derived them the exact same way using the crypt sha hash function and end up with identical strings which evaluate out with above code I pasted. I've read of encoding types for strings too and I got them the same way so that shouldn't be an issue .. if you copy and paste those above strings those are literally what it outputted between ::. Here is the actual script that produced it .. search for 'test'.. both locations fail: https://pastebin.com/Qu8bcLng – pherz Apr 16 '17 at 16:08
  • The docs show for hash.digest(): `If encoding is provided a string will be returned; otherwise a Buffer is returned.` – agm1984 Jun 30 '17 at 00:25

1 Answers1

0

https://nodejs.org/api/crypto.html#crypto_hash_digest_encoding:

The Hash object can not be used again after hash.digest() method has been called. Multiple calls will cause an error to be thrown.

You're calling it three times:

console.log('cookie compare::' + hash.digest('hex').valueOf() + '::.. to        ...::' + v + '::' );
console.log('test: ' +  ( hash.digest('hex') === v ));
if ( hash.digest('hex') === v ) { console.log( '---- OK ----'); return true; }

In this case, an error isn't thrown but the second time you call hash.digest() it returns an empty string (at least for me), so it doesn't match v.

Solution: store the return value of hash.digest('hex') in a variable and reuse it.

robertklep
  • 198,204
  • 35
  • 394
  • 381