
How to modify bcrypt.compare line when password was encrypted using passlib.hash.bcrypt_sha256.encrypt (Solved)


#1

I’m trying to follow the “Automatic User Migration with Custom Database Connections” procedure. Our database is PostgreSQL, and the password was encrypted using the Python passlib.hash.bcrypt_sha256.encrypt function. How should I modify the bcrypt.compare(password, user.password) line in the Login template?

Thanks in advance.


#2

I’ve figured out this problem.

In case someone else has the same problem, here is the JS code to verify a password encrypted by the passlib.hash.bcrypt_sha256.encrypt function:

    var crypto = require('crypto');
    var bcrypt = require('bcrypt');

    // Find the salt and checksum in the sha256-encrypted password.
    // Example: for password = 'password', the hashed password would be:
    // $bcrypt-sha256$2a,12$LrmaIX5x4TRtAwEfwJZa1.$2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO

    var parts = user.password.split('$');
    var variant = parts[2].split(',')[0];  // variant = '2a'
    var rounds = parts[2].split(',')[1];   // rounds = '12'
    var salt = parts[3];                   // salt = 'LrmaIX5x4TRtAwEfwJZa1.'
    var checksum = parts[4];               // checksum = '2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO'

    // passlib hands bcrypt the base64-encoded SHA-256 digest of the password
    var pass256 = crypto.createHash('sha256').update(password).digest('base64');
    // Use the same salt to get the hash. passlib stores the rounds without
    // zero padding, while a bcrypt salt string needs two digits, so pad them.
    var hash = bcrypt.hashSync(pass256, '$' + variant + '$' + rounds.padStart(2, '0') + '$' + salt);

    var newparts = hash.split('$');
    // Find the new checksum from the hash: the 31 characters after the 22-character salt
    var checksum1 = newparts[3].slice(22);

    // Compare the 2 checksums, they should match
    if (checksum === checksum1) {
      console.log('Valid Password');
    } else {
      console.log('Invalid Password');
    }
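The same check packaged as a function that returns a boolean, so it can take the place of the `bcrypt.compare` line. This is an added example, not the poster's or Auth0's code: it validates the stored string strictly, fails closed on anything it does not recognise, and compares checksums in constant time. The function names are hypothetical, `hashSync` is assumed to have the signature of `bcrypt.hashSync(data, salt)`, and accepting the `2b` variant alongside the `2a` shown above is an assumption.

```javascript
// Added example (not from the original post). Only Node's built-in crypto is
// required here; the bcrypt implementation is passed in by the caller.
const nodeCrypto = require('crypto');

// Layout shown in the post:
//   $bcrypt-sha256$<variant>,<rounds>$<22-char salt>$<31-char checksum>
const LEGACY_RE =
  /^\$bcrypt-sha256\$(2[ab]),(\d{1,2})\$([./A-Za-z0-9]{22})\$([./A-Za-z0-9]{31})$/;

// Returns the parsed fields, or null when the string is not in that layout.
function parseBcryptSha256(stored) {
  const m = LEGACY_RE.exec(String(stored));
  if (!m) return null;
  const rounds = Number(m[2]);
  if (rounds < 4 || rounds > 31) return null; // valid bcrypt cost range
  return { variant: m[1], rounds: rounds, salt: m[3], checksum: m[4] };
}

// Rebuild the salt string a bcrypt library expects; the cost there is
// always two digits, so single-digit rounds are zero padded.
function toBcryptSalt(p) {
  return '$' + p.variant + '$' + String(p.rounds).padStart(2, '0') + '$' + p.salt;
}

// hashSync: assumed to behave like bcrypt.hashSync(data, salt).
function verifyBcryptSha256(password, stored, hashSync) {
  const p = parseBcryptSha256(stored);
  if (!p) return false; // fail closed on unrecognised or truncated hashes

  // Pre-hash step from the post: base64 of the SHA-256 digest of the password.
  const pass256 = nodeCrypto.createHash('sha256')
    .update(password, 'utf8')
    .digest('base64');

  // A bcrypt hash ends with the 31-character checksum.
  const computed = Buffer.from(String(hashSync(pass256, toBcryptSalt(p))).slice(-31));
  const expected = Buffer.from(p.checksum);

  // timingSafeEqual throws on unequal lengths, so check the length first.
  return computed.length === expected.length &&
    nodeCrypto.timingSafeEqual(computed, expected);
}
```

With the `bcrypt` module loaded, the call is `verifyBcryptSha256(password, user.password, bcrypt.hashSync)`.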