Hi!
I’m trying to use a user imported into Auth0, using passwords hashed with pbkdf2. The job runs successfully, but I can’t log in as the imported user.
Original values:
Hash (hex) = b32252fcd4ec70df9d951bfea92bd0da39cc360b1a4821eb5af01fea6c1857075ea216b74c03bf68f1149849c358450ccb4575071b53d158c03954174c3ab18e
Salt = 50e04e8c45254453dc098782fb51543e
`file.json`:
```json
[
  {
    "email": "fakeemail@gmail.com",
    "email_verified": true,
    "name": "Test user",
    "custom_password_hash": {
      "algorithm": "pbkdf2",
      "hash": {
        "value":"$pbkdf2-sha512$i=1000,l=64$NTBlMDRlOGM0NTI1NDQ1M2RjMDk4NzgyZmI1MTU0M2U$YjMyMjUyZmNkNGVjNzBkZjlkOTUxYmZlYTkyYmQwZGEzOWNjMzYwYjFhNDgyMWViNWFmMDFmZWE2YzE4NTcwNzVlYTIxNmI3NGMwM2JmNjhmMTE0OTg0OWMzNTg0NTBjY2I0NTc1MDcxYjUzZDE1OGMwMzk1NDE3NGMzYWIxOGU",
        "encoding": "utf8"
      }
    }
  }
]
```
Error message:
```json
{
  "error": {
    "message": "Password change required.",
    "reason": "Verification failed for the provided custom_password_hash: {'algorithm':'pbkdf2','hash':{'value':'$pbkdf2-sha512$i=1000,l=64$UOBOjEU...','encoding':'utf8'},'salt':{'value':''}}"
  }
}
```
What am I doing wrong?
Did you follow the PHC format for `hash.value` mentioned in the pbkdf2 hash import doc?
Here is the link from that doc that describes it:
# PHC string format
## Example
Given the following inputs:
* Password: `hunter2`
* Salt: ```\x81\x98\x95\xFC\xCD`=\xCD\xB6\x12P\a\xFC\x98u\x1F```
* Secret: `pepper`
* Variant: `argon2id`
* Version: `19`
* Time cost: `2`
* Memory cost: `65536`
* Parallelism cost: `1`
Argon2 will generate the following digest:
`$argon2id$v=19$m=65536,t=2,p=1$gZiV/M1gPc22ElAH/Jh1Hw$CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno`
## Specification
Yes, I’m using this example:
```json
{
  "email": "cecil@contoso.com",
  "email_verified": false,
  "custom_password_hash": {
    "algorithm": "pbkdf2",
    "hash": {
      "value": "$pbkdf2-sha512$i=100000,l=64$KNyFsA2rWoE$I2CQGI9H0JxdDf3kERRI97kPCGxh0KWBIV3MxyaS191gDGfzVBGyS4BibhgqWQ0/ails8mHuU9ckASxHOOq58w"
    }
  }
}
```
And this lib to generate the string
But, no success =/
Can you post the code you are using to create the `hash.value`? I’d like to try it and see if I can get it working.
=)
This is the code to generate `hash.value` to use in the Auth0 process:
```javascript
const phc = require("@phc/format");
const exportUsers = (users) => {
  users.map((user) => {
    const value = phc.serialize({
      id: "pbkdf2-sha512",
      params: { i: 1000, l: 64 },
      salt: Buffer.from(user.salt),
      hash: Buffer.from(user.password)
    });
    console.log(value);
  });
};
```
To hash the passwords with pbkdf2:
```javascript
import crypto from "crypto";
import _ from "lodash";
export async function hashPassword(password, salt) {
  return crypto.pbkdf2Sync(password, salt, 1000, 64, "sha512").toString("hex");
}
export async function getHashedCredential(credential) {
  const newCredential = credential;
  if (_.hasIn(credential, "password")) {
    const salt = crypto.randomBytes(16).toString("hex");
    const hash = await hashPassword(credential.password, salt);
    newCredential.password = hash;
    newCredential.salt = salt;
  }
  return newCredential;
}
```
tks
Hi Dan, any news about the code?
I spent a bit of time on this and couldn’t get it to work either. These hash imports are fairly delicate because of the range of params that can be manipulated.
A couple of things I noticed:
Your example import has an `i` of 100000, although it looks like you are using 1000 in your `hashPassword` function. I don’t think this would happen if you used the `exportUsers` function you provided, but it’s worth noting; I’m not sure how you could’ve come to that example.
```
"value": "$pbkdf2-sha512$i=100000,l=64$KNyFsA2rWoE$I2CQGI9H0JxdDf3kERRI97kPCGxh0KWBIV3MxyaS191gDGfzVBGyS4BibhgqWQ0/ails8mHuU9ckASxHOOq58w"
```
The import requires `"encoding": "utf8"` (this should default, so it may not be an issue).
In your `exportUsers` script you are using
```
hash: Buffer.from(user.password)
```
which has a default encoding of utf8. I think you would want to pass
```
Buffer.from(user.password, 'hex')
```
All this said, I tried to make these changes and couldn’t get it to accept the password. I suspect there is an encoding issue somewhere, but can’t seem to figure it out.
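
The encoding question raised in this reply, as an added example that is not part of the thread and is not Auth0's code: it stores a salt and hash the way `getHashedCredential` does, builds the PHC string with each utf8/hex combination, and checks each one with a local verifier. `hashLikeThread`, `toPhc`, `verifyPhc` and the sample password are assumptions made for illustration, and the check runs locally without exercising Auth0's importer.

```javascript
// Added example (not from the thread). Uses only Node's built-in crypto module.
const crypto = require("crypto");

// PHC strings use standard base64 with the "=" padding removed.
const b64 = (buf) => buf.toString("base64").replace(/=+$/, "");

// Same storage scheme as the thread's getHashedCredential(): the salt is a hex
// *string* handed to PBKDF2 as-is, and the derived key is stored as hex.
function hashLikeThread(password, saltHex) {
  return crypto.pbkdf2Sync(password, saltHex, 1000, 64, "sha512").toString("hex");
}

// Build the PHC string; saltEnc/hashEnc select how the stored strings become bytes.
function toPhc(saltHex, hashHex, saltEnc, hashEnc) {
  const salt = Buffer.from(saltHex, saltEnc);
  const hash = Buffer.from(hashHex, hashEnc);
  return `$pbkdf2-sha512$i=1000,l=64$${b64(salt)}$${b64(hash)}`;
}

// Hypothetical local verifier: parse the PHC string, recompute, compare.
function verifyPhc(password, phc) {
  const [, id, params, saltB64, hashB64] = phc.split("$");
  if (id !== "pbkdf2-sha512") return false;
  const p = Object.fromEntries(params.split(",").map((kv) => kv.split("=")));
  const salt = Buffer.from(saltB64, "base64");
  const expected = Buffer.from(hashB64, "base64");
  if (expected.length !== Number(p.l)) return false; // e.g. 128 bytes vs l=64
  const actual = crypto.pbkdf2Sync(password, salt, Number(p.i), Number(p.l), "sha512");
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample values (the password behind the thread's hash is not known).
const PASSWORD = "constructed-sample-password";
const SALT_HEX = "50e04e8c45254453dc098782fb51543e"; // salt string from the first post
const HASH_HEX = hashLikeThread(PASSWORD, SALT_HEX);

// Try every salt/hash encoding combination and record which ones verify.
function tryAllEncodings() {
  const out = {};
  for (const saltEnc of ["utf8", "hex"])
    for (const hashEnc of ["utf8", "hex"])
      out[`salt=${saltEnc},hash=${hashEnc}`] =
        verifyPhc(PASSWORD, toPhc(SALT_HEX, HASH_HEX, saltEnc, hashEnc));
  return out;
}

console.log(tryAllEncodings());
```

Only `salt=utf8,hash=hex` verifies here, because `pbkdf2Sync` consumed the salt as the literal hex string while the derived key was stored hex-encoded. The salt segment of the `hex`/`hex` variant begins `UOBOjEU`, the same prefix shown in the error message in the first post.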
I noticed these things too. I changed it in my code from 10000 to 1000, I just forgot to replace it here, sorry.
I tried to use the “hex” parameter in my first attempt, but it had no effect, so I just removed it to test the parameter values and forgot it too =/
Thanks, I’m still trying to make it work.
Let us know if you have any success!
Closed by system on June 1, 2021, 5:08pm. This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.