
CryptoJS PBKDF2 and salt hash method not working

I am trying to use PBKDF2 and salt hashing from CryptoJS to store my password. This is the part where I hash the user password from registration:

var passwordInput = document.getElementById("txtPasswordInput").value;
var salt = CryptoJS.lib.WordArray.random(128/8);
var key512Bits1000Iterations = CryptoJS.PBKDF2(passwordInput, salt, { keySize: 512/32, iterations: 1000 });

console.log(salt.toString());
console.log(key512Bits1000Iterations.toString());

With abcd1234 as password, I managed to store these into my database:

Salt: cec16a7e68e0f3e49f729dfd90b0893a
Password: d974b96a494f39aec7f1fa6c495b4783b43e579c070b695...

At my login page, I am trying to compute the hash again based on user input to verify the credential:

var passwordInput = document.getElementById("txtPassword").value;
// retrieve from firebase
var password = accountData.password;
var salt = accountData.salt;
var key512Bits1000Iterations = CryptoJS.PBKDF2(passwordInput, salt, { keySize: 512/32, iterations: 1000 });
console.log(salt.toString());
console.log(key512Bits1000Iterations.toString());

if (password != key512Bits1000Iterations) {
    console.log('wrong');
} else {
    console.log('correct');
}

However, it kept returning 'wrong'. I printed out the hashed passwords and the two of them are different.

Also, after I pressed the register or login button, the hashing algorithm took a while to compute before my browser became responsive again. Is the algorithm designed to be slow to compute? Any ideas how to overcome this?

Any ideas? Thanks!

On the login page, the salt needs to be parsed as hex.

Yes, PBKDF2 is designed to be slow. You can speed it up with fewer iterations at the cost of security.
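
The salt mismatch described in the answer, reproduced as an added example that is not part of the original posts: Node's built-in `crypto` module stands in for CryptoJS so the code runs offline, and the function names and the SHA-1 digest are assumptions made for the example. In CryptoJS the equivalent decode of the stored salt is `CryptoJS.enc.Hex.parse(accountData.salt)`.

```javascript
// Added example: Node's crypto stands in for CryptoJS; function names are hypothetical.
const nodeCrypto = require('node:crypto');

const ITERATIONS = 1000;    // from the question
const KEY_BYTES = 512 / 8;  // 512-bit key, as in the question
const DIGEST = 'sha1';      // assumption: digest chosen for this example

// Registration: 16-byte salt; salt and derived key are stored as hex strings.
function register(password, saltBytes = nodeCrypto.randomBytes(128 / 8)) {
  const key = nodeCrypto.pbkdf2Sync(password, saltBytes, ITERATIONS, KEY_BYTES, DIGEST);
  return { salt: saltBytes.toString('hex'), password: key.toString('hex') };
}

// Derive from the login input and compare with the stored key in constant time.
function matches(input, saltBytes, storedHex) {
  const derived = nodeCrypto.pbkdf2Sync(input, saltBytes, ITERATIONS, KEY_BYTES, DIGEST);
  const stored = Buffer.from(storedHex, 'hex');
  return stored.length === derived.length && nodeCrypto.timingSafeEqual(stored, derived);
}

// Login as in the question: the stored hex text itself becomes the salt,
// which is 32 UTF-8 bytes rather than the original 16 raw bytes.
function verifySaltAsText(input, record) {
  return matches(input, Buffer.from(record.salt, 'utf8'), record.password);
}

// Login with the answer's fix: decode the hex back into the original bytes.
function verifySaltAsHex(input, record) {
  return matches(input, Buffer.from(record.salt, 'hex'), record.password);
}

// Password and salt taken from the question.
const record = register('abcd1234', Buffer.from('cec16a7e68e0f3e49f729dfd90b0893a', 'hex'));
console.log('salt used as text:', verifySaltAsText('abcd1234', record));
console.log('salt parsed as hex:', verifySaltAsHex('abcd1234', record));
```
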
