In the code below, I generate a PBKDF2 key from my password using the same salt/iterations, first in node, then in the browser.
I'm not using any libraries on either side. I'm using the built-in crypto
module in node, and the SubtleCrypto
web API in the browser.
I'm trying to get both sides to generate the same base64 string of the derived key. Here's what I get:
Node: UJ3XzqSfs1IjU3/1USt8jPb9Z9jnhevBy3TPCAPGzHPbwXI0jVk+0LoVO7zYmb1BVEtajPmkcuLUPpwju+x+IQ==
Browser: UJ3XzqSfs1IjU3_1USt8jPb9Z9jnhevBy3TPCAPGzHM
As you can see, it's sort of tantalizingly almost the same. The / in one is a _ in the other, and the browser one diverges at the 43rd character which is also the end of that one.
So what's going on here? What am I missing?