Migrating users from a sha256 password

inspiran · March 24, 2023, 4:55pm

Hello,

passwords for our users were initially made using sha256_crypt.hash() in python resulting in following format : $5$rounds=535000$qgfr4.Ky9h/ODeTk$ByU6XFDg1UIUAboU/mOWP7v55h46x0hjdBHVQhaLtP4

Unfortunately the passwords do not match after importing users. The json contains the algorithm, hash and salt. Not sure though if the position of the salt is prefix,.

 "custom_password_hash": {
      "algorithm": "sha256",
      "hash": {
        "encoding": "base64",
        "value": "QnlVNlhGRGcxVUlVQWJvVS9tT1dQN3Y1NWg0NngwaGpkQkhWUWhhTHRQNA=="
      },
      "salt": {
        "position": "prefix",
        "value": "qgfr4.Ky9h/ODeTk"
      }
    },

Python code used to construct the json part:

            parts = original_password.split('$')
            password_bytes = parts[4].encode('ascii') #get the hash
            password_base64_bytes = base64.b64encode(password_bytes)
            password_data = password_base64_bytes.decode("ascii")

"custom_password_hash": {
                "algorithm": "sha256",
                "hash": {
                    "value": password_data,
                    "encoding": "base64"
                },
                "salt": {
                    "value": parts[3],
                    "position": "prefix"
                }
            }

Any help would be appreciated! Kind regards, Daniel

dan.woda · March 27, 2023, 8:09pm

Hi @inspiran,

Welcome to the Auth0 Community!

I understand you are having trouble with a password hash import, I’ll look into it and get right back to you.

Thanks,
Dan

dan.woda · March 28, 2023, 1:12pm

What library are you using?

inspiran · March 28, 2023, 1:24pm

Hi Dan,

We are using
https://passlib.readthedocs.io/en/stable/lib/passlib.hash.sha256_crypt.html

encrypted_pwd = sha256_crypt.encrypt(plain_text_password)

inspiran · April 4, 2023, 4:47pm

Any update on your findings Dan?

dan.woda · April 7, 2023, 6:30pm

Hi @inspiran,

Apologies for the delay. I did a deep dive on this and discovered that you are limited to a max of 10k rounds for SHA256

If you don’t have those, then you will need to import users without hashes. Here’s a resource on that:

system · June 26, 2023, 5:38pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error importing user with custom hash Help	3	2104	February 22, 2022
Issue when importing user with custom hash password Help auth0 , import , user-import , password-hash , bulk-user-import	0	3365	May 12, 2021
Importing users with custom password hash Help password-hash , bulk-user-import	0	2565	February 1, 2022
Can't Migrate .NET SHA1 Passwords Help user-management , user-password-management	3	929	July 7, 2023
How to modify bcrypt.compare line when password was encrypted using passlib.hash.bcrypt_sha256.encrypt (Solved) Help auth0	3	4495	August 10, 2019

Migrating users from a sha256 password

Related topics