Importing users with pbkdf2 algorithm hashed passwords

Problem statement

The users imported with this algorithm can’t log in.

Symptoms

Users’ passwords don’t work after import

Steps to Reproduce

  • Import user with pbkdf2 algorithm
  • Log in with known previous password

Solution

The salt must be added to the beginning of the string (as indicated in the documentation) and then append the hash. The digest should be appended after the pbkdf2 part of the string with a dash: pbkdf2-<digest> . Also, the length could be set as l=64 or l=32 after the comma. You need to check all these parameters and the format should be as follows:

“value”: “$pbkdf2-sha1$i=1000,l=64${salt}${hash}”

References