Crypto JS SHA3 giving different output on same input

Question

We are using Crypto JS SHA3 to hash our username and password together.

The function takes the inputs from two html input fields for the username and password, concatenates them with the salt, and hashes them. The first hash works successfully, however hashing the same output again yields a different result.

This is the relevant code:

$prehash = $salt + $user + $pass;

$prehash = CryptoJS.enc.Utf8.parse($prehash);
var sha3 = CryptoJS.algo.SHA3.create();
sha3.update($prehash);
var password  = sha3.finalize().toString(CryptoJS.enc.Hex);
sha3.reset();

var sha3 = CryptoJS.algo.SHA3.create();
sha3.update($prehash);
var password2  = sha3.finalize().toString(CryptoJS.enc.Hex);
sha3.reset();

console.log('PREHASH: ' + $prehash);

console.log('HASHWORD: ' + password);

console.log('HASHWORD2: ' + password2);

The console logs output the following:

PREHASH:  4d616e636865737465722c20436f6e6e65637469637574204d6f62696c65205573657273546f776e20436c65726b68617665206272616e6368657320616476616e63652042656c6769756d

HASHWORD: db90cbb6766f3ca0dc8af39455cd6e224263db31caed3f73f9ad923a02c34211c85cc17a8e3d0166cd82c10d12a137332891c0c201174e16d19a93b6b4d430cf

HASHWORD2:
9ed635963fa0079a0520d8afa59d1e19be601d7bf77f623702304240993ce9bdd2f3023ca6bbd44f2ab30ceb2de1c8f0d3fe3d63292c5a23c44ddd1d485baa71

EDIT: We have tested on two other devices, and have found that we get the correct output on the other two devices. This behavior is only observed on my coworkers phone. Now we are more confused. Does anybody see why a different device would produce different output?

EDIT: Here is a jsfiddle that demonstrates the problem. It should read true & true. On our android 4.2.2 device it reads false & false http://jsfiddle.net/odL57wfo/2/

Answer 1

We were unable to find a solution to this problem so we have opened a bug on the crypto-js project and in the mean time we are using a different hashing algorithm