Migrating users from a sha256 password

inspiran · March 24, 2023, 4:55pm

Hello,

passwords for our users were initially made using sha256_crypt.hash() in python resulting in following format : $5$rounds=535000$qgfr4.Ky9h/ODeTk$ByU6XFDg1UIUAboU/mOWP7v55h46x0hjdBHVQhaLtP4

Unfortunately the passwords do not match after importing users. The json contains the algorithm, hash and salt. Not sure though if the position of the salt is prefix,.

 "custom_password_hash": {
      "algorithm": "sha256",
      "hash": {
        "encoding": "base64",
        "value": "QnlVNlhGRGcxVUlVQWJvVS9tT1dQN3Y1NWg0NngwaGpkQkhWUWhhTHRQNA=="
      },
      "salt": {
        "position": "prefix",
        "value": "qgfr4.Ky9h/ODeTk"
      }
    },

Python code used to construct the json part:

            parts = original_password.split('$')
            password_bytes = parts[4].encode('ascii') #get the hash
            password_base64_bytes = base64.b64encode(password_bytes)
            password_data = password_base64_bytes.decode("ascii")

"custom_password_hash": {
                "algorithm": "sha256",
                "hash": {
                    "value": password_data,
                    "encoding": "base64"
                },
                "salt": {
                    "value": parts[3],
                    "position": "prefix"
                }
            }

Any help would be appreciated! Kind regards, Daniel

dan.woda · March 27, 2023, 8:09pm

Hi @inspiran,

Welcome to the Auth0 Community!

I understand you are having trouble with a password hash import, I’ll look into it and get right back to you.

Thanks,
Dan

dan.woda · March 28, 2023, 1:12pm

What library are you using?

inspiran · March 28, 2023, 1:24pm

Hi Dan,

We are using
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html

encrypted_pwd = sha256_crypt.encrypt(plain_text_password)

inspiran · April 4, 2023, 4:47pm

Any update on your findings Dan?

dan.woda · April 7, 2023, 6:30pm

Hi @inspiran,

Apologies for the delay. I did a deep dive on this and discovered that you are limited to a max of 10k rounds for SHA256

If you don’t have those, then you will need to import users without hashes. Here’s a resource on that:

system · June 26, 2023, 5:38pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Importing users with custom password hash Help password-hash , bulk-user-import	0	2562	February 1, 2022
Can't Migrate .NET SHA1 Passwords Help user-management , user-password-management	3	929	July 7, 2023
Migrating Django's BCryptSHA256PasswordHasher Passwords Help auth0 , migration , bcrypt , sha256 , django	1	3293	June 15, 2023
Import users with a bcrypt password hash salted with 12 rounds Help user-import , bcrypt	4	7345	September 5, 2020
After Password Hash Export - Some Users Have custom_password_hash Value Knowledge Articles	1	492	October 3, 2023

Migrating users from a sha256 password

Related Topics