I am trying to migrate users from my Magento 2 database to Auth0.
I am using the bulk import endpoints (too new for link). The user passwords are hashed using the “Argon 2ID13” algorithm in PHP. I am reasonably confident the built-in PHP function “sodium_crypto_pwhash” is being used. (Doc found by googling sodium_crypto_pwhash; account too new to link.)
I’m reasonably confident the implementation of all this within Magento can be found here (https://github.com/magento/magento2/blob/1c3837ce0183180d40d4c0e0fd0ae7baca38673f/lib/internal/Magento/Framework/Encryption/Encryptor.php#L574).
```php
sodium_crypto_pwhash(
    SODIUM_CRYPTO_SIGN_SEEDBYTES, // 32?
    $data,
    $salt,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, // Unknown
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, // Unknown
    $this->hashVersionMap[self::HASH_VERSION_ARGON2ID13] // 2
)
```
I’m not a PHP developer and it seems nearly impossible to find the values for constants online. Here is a list of the constants (https://www.php.net/manual/en/sodium.constants.php) with no values, how helpful.
Similar looking constants can be found in the source looking in these files: (https://github.com/jedisct1/libsodium/blob/master/src/libsodium/include/sodium/crypto_pwhash_argon2id.h)
```
crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE 2U
crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE 67108864U // 65,536 KB
```
Looking elsewhere, according to the PHP RFC: Argon2 Password Hash, it looks like the defaults for hashing Argon in PHP are:
- memory_cost = 1024 KiB
- time_cost = 2
- threads = 2
I’ve tried many permutations of these values and have not been able to get the “right” output.
As a test I created a user in a staging env which I have since deleted with these facts:
- Salt: FGzVvZzPx67rz4um
- B64 Salt: Rkd6VnZaelB4NjdyejR1bQ
- B64 Hash:
- m: ?
- t: ?
- p: ?
What should the end result be for my “custom_password_hash.hash.value”? I know it should be something like this:
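
Added example, not part of the original post and not Magento or Auth0 code: it prints the values the constants in the snippet above take on the local PHP build, then assembles a PHC-format Argon2id string from the raw `sodium_crypto_pwhash` output and checks it with `sodium_crypto_pwhash_str_verify`. The password is constructed, the salt is the test salt quoted in the post, and the assumption that the import field takes a PHC string is this example's, not the post's.

```php
<?php
// Constructed test password; salt is the 16-character test salt from the post.
$password = 'constructed-test-password';
$salt     = 'FGzVvZzPx67rz4um';

// Print the constant values instead of guessing them from headers.
$constants = [
    'SODIUM_CRYPTO_SIGN_SEEDBYTES',
    'SODIUM_CRYPTO_PWHASH_SALTBYTES',
    'SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE',
    'SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE',
    'SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13',
];
foreach ($constants as $name) {
    printf("%-45s = %d\n", $name, constant($name));
}

// Same call shape as the snippet in the post: raw (binary) Argon2id output.
$raw = sodium_crypto_pwhash(
    SODIUM_CRYPTO_SIGN_SEEDBYTES,
    $password,
    $salt,
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE,
    SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13
);

// PHC parameters: m is expressed in KiB (memlimit is in bytes), t is the
// ops limit, and libsodium always runs Argon2 with one lane, so p = 1.
$m = intdiv(SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE, 1024);
$t = SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE;
$p = 1;

// PHC strings use standard base64 without '=' padding for salt and hash.
$b64 = fn(string $bin): string =>
    sodium_bin2base64($bin, SODIUM_BASE64_VARIANT_ORIGINAL_NO_PADDING);

// v=19 is Argon2 version 0x13, the "13" in ARGON2ID13.
$phc = sprintf('$argon2id$v=19$m=%d,t=%d,p=%d$%s$%s',
    $m, $t, $p, $b64($salt), $b64($raw));
echo $phc, "\n";

// Round-trip check: libsodium parses the assembled string and recomputes
// the hash, so this only succeeds if m, t, p, salt and hash all line up.
var_dump(sodium_crypto_pwhash_str_verify($phc, $password));
```

If the stored hash is hex or otherwise encoded rather than raw bytes, decode it to binary before the base64 step.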