2

I am trying to migrate some users created in a Django app over to a Node.js app. Users created in the Django app have had their passwords hashed using the BCryptSHA256PasswordHasher hasher and these are stored in a PostgreSQL database. I am able to get the whole password string from Postgres where these are stored in the form:

<algorithm>$<iterations>$<salt>$<hash>.

What I am trying to do is figure out how to take a known password (say Password1) and, using the salt from the field in Postgres, get the Node.js hashed string to match the Django string. In this way I can authenticate those users who have been migrated over.

I have made several attempts at using the bcrypt and bcryptjs npm's for Node.js but so far I'm having no luck.

A working example using any of the Node.js npm's would be great.

2
  • Have you checked the source code of BCryptSHA256PasswordHasher to check the exact algorithm? Commented Sep 23, 2015 at 12:36
  • Indeed I had a look through the source, but I'm not very familiar with Python and its libraries and the problem is more how to achieve the same result in Node.js Commented Sep 23, 2015 at 13:31

1 Answer

2

I managed to figure this out after a fair bit of trial & error. This is the solution:

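var crypto = require('crypto'),
    bcrypt = require("bcrypt");

// salt: the bcrypt salt taken from the stored Django hash (example below)
exports.auth = function (password, salt) {
    // Django's BCryptSHA256PasswordHasher runs bcrypt over the hex SHA-256 digest
    var preHash = crypto.createHash('sha256').update(password).digest('hex');
    var hash = bcrypt.hashSync(preHash, salt);

    return hash;
};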

where the salt parameter should for example be:

$2a$12$imuoSFEBx8JJh5L9cCDJKO

The only thing I am still unclear on is the first part of the salt string '$2a$'. In my Django password field this is actually '$2b$' which according to the bcrypt page on Wikipedia is valid, yet when trying to use $2b$ in the salt passed to bcrypt (and bcryptjs too) an error is thrown. I can work around this but perhaps bcrypt just needs to be updated.
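An added example, not part of the original answer: a verifier for a migrated Django field that extracts the salt, re-hashes the candidate password and compares in constant time. The function names, the injected `hashSync` argument (pass `require('bcrypt').hashSync` or the bcryptjs equivalent) and the `legacyPrefix` flag are assumptions of this sketch; it expects Django's stored layout of `bcrypt_sha256$` followed by a standard bcrypt string.

```javascript
const crypto = require('crypto');

// Assumed stored layout: "bcrypt_sha256$" + "$2b$" + 2-digit cost + "$"
// + 22-char salt + 31-char hash (bcrypt's own base64 alphabet).
const DJANGO_BCRYPT_SHA256 =
  /^bcrypt_sha256\$(\$2[aby]\$)(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

function parseDjangoBcryptSha256(encoded) {
  const m = DJANGO_BCRYPT_SHA256.exec(encoded);
  if (!m) return null; // a different hasher (e.g. pbkdf2_sha256) or a damaged field
  return { prefix: m[1], cost: m[2], salt: m[3], hash: m[4] };
}

// The pre-hash step from the answer: bcrypt is fed the hex SHA-256 digest.
function djangoPreHash(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('hex');
}

// hashSync(data, salt) is injected so either bcrypt or bcryptjs can be used.
// legacyPrefix=true sends "$2a$" instead of the stored prefix, for builds that
// reject "$2b$" as the answer reports; the 64-character pre-hash is far below
// the input length at which the two variants differ.
function verifyDjangoPassword(password, encoded, hashSync, legacyPrefix = false) {
  const parts = parseDjangoBcryptSha256(encoded);
  if (!parts) return false;
  const prefix = legacyPrefix ? '$2a$' : parts.prefix;
  const salt = prefix + parts.cost + '$' + parts.salt;
  const computed = hashSync(djangoPreHash(password), salt);
  // Drop the 4-character version prefix on both sides so a rewritten prefix
  // does not cause a mismatch, then compare without leaking timing.
  const a = Buffer.from(computed.slice(4));
  const b = Buffer.from(encoded.slice('bcrypt_sha256$'.length + 4));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

Once a migrated user logs in successfully, the Node.js app can re-hash the password in its own scheme and replace the Django-format field.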
