Support django pbkdf2 #45
Comments
Acceptance criteria
We are open for PRs. |
|
@schettn In the documentation, it says that the password needs to be in MCF and also the hash should have an alternate base64 encoding by replacing all However I'm not sure why it won't work even if everything's changed correctly, or at least that's my case when migrating users from Django to Zitadel. |
|
@MatejMijoskiAirteam the problem is not the encoding. We support all variants of encoding. Using standard ( These are the values used in our unit tests: passwap/internal/testvalues/pbkdf2.go Line 14 in 19778a2 passwap/internal/testvalues/pbkdf2.go Lines 20 to 21 in 19778a2 There outputs are created with the same password, salt and cost and len parameter: passwap/internal/testvalues/values.go Lines 11 to 12 in 19778a2 passwap/internal/testvalues/pbkdf2.go Lines 9 to 11 in 19778a2 Django may be doing something different. Whomever will implement this feature request will need to pinpoint where the difference occurs and implement it in Go. I would recommend by starting to input the same password, salt and parameters into Django and compare the output to the above testvalues. And read whatever Django has published as developer docs on the subject. |
and others
Currently passwap does not support Django pbkdf2 hashes.
Example:
pbkdf2_sha256$100000$eWZncb8EO0lM$HddIrL/Yuvg91JrroQWqLk4kIJRzD25olN2+0UM8MoQ=passwap/pbkdf2/pbkdf2.go
Lines 27 to 35 in f5db279
pbkdf2_sha256$100000$eWZncb8EO0lM$HddIrL/Yuvg91JrroQWqLk4kIJRzD25olN2+0UM8MoQ=topbkdf2-sha256$100000$eWZncb8EO0lM$HddIrL/Yuvg91JrroQWqLk4kIJRzD25olN2+0UM8MoQ=results in apassword incorrectwhen logging in.Originally posted by @schettn in zitadel/zitadel#8491 (comment)
The text was updated successfully, but these errors were encountered: