I'm trying to use PHP to create password hashes accepted by Django. I tried using the PHP function `hash_pbkdf2` and then `base64_encode`, then putting the result into Django's password format `algorithm$iterations$salt$hash`. I also used 320000 iterations (same as Django) and created a random string for the salt.

```php
<?php
// Length of the salt string
$n = 22;

// Builds a random alphanumeric string of $n characters
function getName($n) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $randomString = '';

    for ($i = 0; $i < $n; $i++) {
        $index = rand(0, strlen($characters) - 1);
        $randomString .= $characters[$index];
    }

    return $randomString;
}

$pass = "erf1377";
$iterations = 320000;
$salt = getName($n);
$hash = hash_pbkdf2("sha256", $pass, $salt, $iterations);
$hash = base64_encode($hash);
// Assemble algorithm$iterations$salt$hash
$final_hash = "pbkdf2_sha256$".$iterations."$".$salt."$".$hash;
echo $final_hash;
```

`getName()` creates my salt.

But the end result is not accepted by Django. What am I doing wrong here?

Redox
  • The format you showed looks like what you would get from using [password_hash()](https://www.php.net/manual/en/function.password-hash.php). Have you tried that? Otherwise, this might give you some help? https://stackoverflow.com/questions/57726790/django-password-hasher-using-php-format-of-function-password-hash. Based on that post, it looks like the main difference is that Django prefixes the hash with the name of the algorithm. – M. Eriksson Jun 05 '22 at 18:11
  • I also prefix my hash with the name of the algorithm, as you can see in the code, but does Django support the bcrypt algorithm? – leon techtippa Jun 05 '22 at 18:51
  • Just a side note: don't use `rand` to generate the password, use a cryptographically secure random source for that operation, check random_int() / random_bytes() – hakre Jun 05 '22 at 21:04

0 Answers
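An added example, not part of the original question or its comments: a Python sketch of the `pbkdf2_sha256` encoding as Django's PBKDF2 hasher builds it (base64 over the raw 32-byte digest), next to the variant that base64-encodes the hex text, which is what `hash_pbkdf2()` returns when its binary flag is left at the default of false. The function names are this example's own; the password is the sample value from the question.

```python
import base64
import hashlib
import hmac
import secrets
import string

ALGORITHM = "pbkdf2_sha256"
SALT_CHARS = string.ascii_letters + string.digits  # no '$', the field separator


def new_salt(length: int = 22) -> str:
    """Salt drawn from the OS CSPRNG (PHP counterpart: random_int()/random_bytes())."""
    return "".join(secrets.choice(SALT_CHARS) for _ in range(length))


def raw_digest(password: str, salt: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 output as 32 raw bytes (the SHA-256 digest size)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)


def django_encode(password: str, salt: str, iterations: int) -> str:
    """algorithm$iterations$salt$hash, where hash is base64 of the RAW digest bytes."""
    b64 = base64.b64encode(raw_digest(password, salt, iterations)).decode("ascii")
    return f"{ALGORITHM}${iterations}${salt}${b64}"


def hex_then_base64_encode(password: str, salt: str, iterations: int) -> str:
    """Same fields, but base64 is applied to the 64-character hex text of the digest."""
    hex_text = raw_digest(password, salt, iterations).hex()
    b64 = base64.b64encode(hex_text.encode("ascii")).decode("ascii")
    return f"{ALGORITHM}${iterations}${salt}${b64}"


def verify(password: str, encoded: str) -> bool:
    """Re-derive from the stored salt and iterations, then compare in constant time."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
        count = int(iterations)
    except ValueError:
        return False  # wrong number of fields or non-numeric iteration count
    if algorithm != ALGORITHM or count < 1:
        return False
    return hmac.compare_digest(django_encode(password, salt, count).encode(), encoded.encode())


if __name__ == "__main__":
    salt = new_salt()
    good = django_encode("erf1377", salt, 320000)
    bad = hex_then_base64_encode("erf1377", salt, 320000)
    print(good, verify("erf1377", good))  # 44-character hash field
    print(bad, verify("erf1377", bad))    # 88-character hash field
```

The length of the last field is a quick check on a stored value: 44 characters means base64 of raw bytes, 88 means base64 of hex text.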