Crypto-js returns different values every time it's run when using AES

Question

I'm trying to encrypt something using crypto-js and using the AES type of encryption.

The problem i'm having is that my encrypted value is different every time I encrypt it.

With this simple example, I run the same encryption 5 different times and I get 5 different results. Wtf is going on here?

task.js

var AES = require('crypto-js/aes');
var key = "abc123";
var secret = "encryptThisWord";

console.log(AES.encrypt(secret, key).toString());
console.log(AES.encrypt(secret, key).toString());
console.log(AES.encrypt(secret, key).toString());
console.log(AES.encrypt(secret, key).toString());
console.log(AES.encrypt(secret, key).toString());

Answer 1

Check the contents of AES.encrypt(secret, key) - it is an object with a number of fields, iv and salt of particular interest (jsFiddle).

Each time you run the AES.encrypt crypto-js chooses new IV and new salt (you can supply your own values, by the way). Random IV means that output will be different even with the same key, and random salt means that the actual encryption key is different too, because it is derived from the the passphrase and salt.

You may (actually, should) ask why the first ten Base64 output characters are the same when both the encryption key and IV are different? That is because calling toString() on the ecnryption result converts it into "OpenSSL-compatible string", which is basically Base64("Salted__" + salt + ciphertext), where "Salted__" is the constant prefix which, of course, leads the same prefix in the Base64 output.

Answer 2

I faced the same issue. This is simply due to us not knowing the working of algorithm. Simply put, the key and IV are different for each call of the encrypt method, as mentioned in the above answer.

To ensure the exact same value for each iteration - you can refer to this answer https://stackoverflow.com/a/47096284/4098272

Alternatively, you can use the SHA3 function and compare the two Hash values.