Creating an HMAC with an existing password hash and salt

Question

For migration reasons I need to take an existing password & salt and place it into Firebase. I'm uploading accounts into Firebase using the google identity kit. This kit allows me to create users and requires a SHA-1 password salted.

var user1 = {
localId: userId,
email: email,
salt: new Buffer('salt-1'),
  passwordHash: crypto.createHmac('SHA1', this.hashKey).update('a password' + 'salt-1').digest()
};

Above is what would be uploaded to the server. Is there any way to crypto.createHmac with an existing SHA-1 hash and salt? I've tried just replacing the passwordHash and salt with the values, but they need to be encoded the same way createHmac encodes them.

score 1 · Accepted Answer · answered Sep 22 '16 at 18:45

1

See HMAC Implementation.

The key HMAC code is:

hash(o_key_pad ∥ hash(i_key_pad ∥ message))

So it seems the answer is no since the padded key needs to be concatenated with the message.

answered Sep 22 '16 at 18:45

zaph

111,848
21
189
228

After realizing that I was handling HMACs and not regular SHA-1s, I guess my question has changed to - 'How do I place existing salted SHA-1 keys into firebase using gitkit'. – Ramzi C. Sep 22 '16 at 18:52

score 0 · Answer 2 · answered Oct 01 '16 at 22:42

0

You can pass the existing HMAC key as the signerKey in the Google Identity Toolkit UploadAccounts API request: https://developers.google.com/identity/toolkit/web/reference/relyingparty/uploadAccount

answered Oct 01 '16 at 22:42

Jin Liu

2,203
15
13

Creating an HMAC with an existing password hash and salt

2 Answers2