1

I got a problem. I want to get the sha256 hash using image on javascript but my sha256 it is incorrect.

This is my code:

<button onclick="onSuccess()">Click me</button>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.js"></script>
<script>

    function onSuccess(imageURI) {
        var hash = CryptoJS.SHA256("imagehere");
        console.log([hash].join(''));
    }
</script>

But the result is: f3ccce7bbec0d8b3b4c6f967b2e405609b7fe691309306271bd41e22ab420aa8 and the good code should be: bedce3a32c3c2350dbcb220ed21aca171dfe57abdf68bf9ba878c0c447214742

What im doing wrong? and where is the error?

Frank
  • 21
  • 1
  • 7
  • 3
    I have no experience with Crypto-js, but from the manual I see that function being used to hash a string. If the goal is to hash the contents of the image, you need to first build the string holding the contents of the jpg, then hash that instead. Good luck! – StarShine Oct 11 '19 at 13:04

2 Answers2

0

I am no expert on this matter, but what I have found is a comment on another thread that gave me an insight on what is going on, so I will just post it here:

"What it is really happenning is that the SHA256 returns a 256-bit hash value. So what you're printing is those bytes as if they were characters and their respective character values is all that gibberish. What the online tool is returning you is the representation of that value in hexadecimal format. Notice that you're getting, (with the tool) 64 bytes IE 64 characters when 256-bit is equal to 32 bytes (32 characters you may think). That is because to represent a whole byte in hexadecimal format 2 characters are needed. 4 most significant bits take one character and the other less significant bits take another one."

Basically from what I understand both are correct, but are parsed differently.

You can see here is that the latter one you posted is in hexadecimal code, which is not what any sha256 hashing algorithms actually returns when in code.

Try this online conversion tool and you will see that it gives you the same as your first one (that method gives you back).

Finally you should rely on the format that is returned inside the code (from the function call) since it will always be correct even when using other libraries with the same hashing algorithm.

Hope this helps

Mr.Fabulous
  • 116
  • 8
0

you're just getting a hash of the text C:\Users\fjolmedo..., you're not hashing the contents of a file with that name because your code is not opening/reading its contents. i.e. you actually need to read the file from the disk into memory and then do the hash on that.

because of the security implications of allowing arbitrary (untrusted) web pages to read whichever files they like, access is only granted when the user picks a file using a file input or drops a file onto it

cryptojs doesn't seem to support more recent javascript features like ArrayBuffer so your questions takes a bit more code than you'd probably expect, see https://stackoverflow.com/a/33918579/1358308 for an example

Sam Mason
  • 15,216
  • 1
  • 41
  • 60