Importing Password Hashes from Drupal 7

Hi, I’ve successfully imported the “antoinette@contoso.com” custom hash example from https://auth0.com/docs/users/references/bulk-import-database-schema-examples using the import extension but my real example isn’t working.

Drupal 7 uses sha512 with base64 encoding and a salt which is not stored in the database. I think the salt is random and I can look in the code to find out how long it is, etc. The reference for the hash code is https://api.drupal.org/api/drupal/includes!password.inc/7.x.

Any suggestions how I can make an importable user?

Here is a non-real example of a hash: $S$D.oOkSJYpbtcVkh1QWSm8BzRKYpsEHrrqPRiaDmiqr.GVE3QisdC

Here are some examples of repeated calls of _password_generate_salt(DRUPAL_HASH_COUNT)

“$S$Dg.CLIAbK”
“$S$DgJg7eBjV”
“$S$DCJG/FAi5”
“$S$DKhn5.nXz”
“$S$DHVVmeH8q”
“$S$DdH4fZ1nk”

Hi jcable, and welcome to the community! :partying_face:

Where is the salt stored currently if not in the DB? You need the salt to check the password hash. Your current application would have to know it to verify the hash. In order to import it into Auth0, you will need it as well.

According to this SO, the salts should be in the pass column: https://drupal.stackexchange.com/questions/176008/getting-password-hashes-and-salts-from-drupal-7

1 Like