4

I must migrate my backend from php to node. We used php crypt (with default random salt) to hash the passwords. For instance, for the password 'd1692fab28b8a56527ae329b3d121c52', I have the following crypted pw in my base (depending if I used either md5 or sha512, as the $i$ specify) :

$1$7JxJYjJK$oFtCGyVvflspPtxB7YrWP.
$6$CVx6KL5l$wzk3YXlqUaz42Kb9r2lmEJhx/FBUXPRoLWN.20/XMBbgQrhp3vSHkEDF3bJEtpM3M96VZ.AMKatLGSKYZZKNH/

And in php I can verify them with crypt :

echo crypt('d1692fab28b8a56527ae329b3d121c52', '$1$7JxJYjJK$oFtCGyVvflspPtxB7YrWP.');
echo "\n";
echo crypt('d1692fab28b8a56527ae329b3d121c52', '$6$CVx6KL5l$wzk3YXlqUaz42Kb9r2lmEJhx/FBUXPRoLWN.20/XMBbgQrhp3vSHkEDF3bJEtpM3M96VZ.AMKatLGSKYZZKNH/');
echo "\n";

Which returns the correct crypted pw.

I did not manage to obtain such results with any node function. I tried stuff like :

require("crypto").createHmac("md5", "7JxJYjJK").update("d1692fab28b8a56527ae329b3d121c52").digest("base64");

And many others, but without any success. Can someone please help me to do this ? I abolutely need the MD5 version ($1$) ; the sha512 would be somewhat nice (I know it's horrifying, but it's the md5 version that was used on the prod server, and the sha512 that was used on the test server...).

Improve this question
4
  • stackoverflow.com/questions/13537259/… was from 10 months ago, but you could try bcrypt instead? npmjs.org/package/bcrypt Commented Oct 16, 2013 at 14:35
  • Please read the question, I already have a user base filled with php-crypted passwords on a production server, I need to be able to verify it in node. (and btw I already use bcrypt in Node for NEW clients that register ; that doesn't solve my initial problem at all though) Commented Oct 17, 2013 at 8:37
  • i did read the question and understand: your password is d1692fab28b8a56527ae329b3d121c52, the algo is 1 or 6 and the salt is 7JxJYjJK and CVx6KL5l respectively. Verifying requires regenerating the hash based on the key with a specific algorithm implementation, of which the latter is not aligned with that of PHP (according to the SO post), however bcrypt is said to possibly match but I can't get gyp to build it on my win machine and couldn't test~ Commented Oct 17, 2013 at 9:22
  • 1
    No, bcrypt uses one specific algorithm (the $5y$ one I think). If your php happen to use this one, bcryt will indeed match. But not in any other cases. Commented Oct 21, 2013 at 16:21

1 Answer 1

Reset to default
1

I just converted the original crypt_md5() (as used in PHP) to JavaScript for one of my projects. You can find it here:

https://github.com/BlaM/cryptMD5-for-javascript

(Supports only $1$, but that's at least a part of what you are looking for.)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.