Bulk user import failing with md4 hash

Problem statement

The password is not working after bulk user import.

Steps to reproduce

  • Hash the password to MD4
  • Import JSON file:
{
  "email": "name@domain.com",
  "email_verified": false,
  "custom_password_hash": {
        "algorithm": "md4",
        "hash": {
              "value": "OGZiZDdjNTQ1Nzk4Yzk3OGM1ZDk0MTRmMmQ5MzBkMzg=",
               "encoding": "base64"
         }
     }
  }
]

Try user login with the password

Troubleshooting

  1. Hash the password: MD4 Online
  2. Encode to base 64 or use Hex
  3. Copy the value
  4. Import
  5. Check the username + password

Cause

The MD4 hash has a HEX output. If the JSON file has encoding Base64, it will cause the error.

Solution

Option 1: HEX

  • Go to MD4 Online
  • See that the Input type is “Text”
  • Try (for example): Test@1234
  • Hash result is 5a78afd0cc4acc617f779fd91e192698

In this case, the import file should be like this:

...
    "custom_password_hash": {
      "algorithm": "md4",
      "hash": {
        "value": "5a78afd0cc4acc617f779fd91e192698",
        "encoding": "hex"
      }
...

Option 2: Base64

  • Repeat steps in option 1
  • Go to Base64 Encode Online
  • See that the Input type is “Hex”
  • Copy the Hex value obtained in option 1: 5a78afd0cc4acc617f779fd91e192698
  • Hash result is Wniv0MxKzGF/d5/ZHhkmmA==
...
    "custom_password_hash": {
      "algorithm": "md4",
      "hash": {
        "value": "Wniv0MxKzGF/d5/ZHhkmmA==",
        "encoding": "base64"
      }
    }
...