Generate Password


#1

I would lke to generate password for seafile using php

<?php	
  $salt = random_bytes(32);
  $salt = bin2hex($salt);
  $password  = "password";
  $iterations=10000;
  echo "GENERATED SALT: " . $salt . "<br>" . "<br>";
  $hash =  hash_pbkdf2 ("sha256" , $password , $salt , $iterations);
  echo "GENERATED HASH: " . $hash . "<br>" . "<br>";
  echo "FINAL RESULT: PBKDF2SHA256$" . $iterations . "$" . $salt . "$" . $hash . "<br>" . "<br>";
?>

Using this command i get an output that looks like this
PBKDF2SHA256$10000$0e288b8f974fdee54bc3f6e2afc5cbd2abbd3c0082c9872a1280d7d9855f7dc7$0aa0d26d25fa035e666ad56525ac5c883c67245af93bf63714202009557e6c42

the problem is that when i replace a user password in the ccnet database with the one i got that user cannot login unless i reset his password.

can someone tell me what am i doing wrong?


#2

Hey FreedomSka,
you have to use the raw bytes for the function hash_pbkdf2 and you have to save the bin2hex salt value to the database.
Here is the code:

<?php
  // input
  $password  = "password";

  $salt = random_bytes(32);
  $hash = hash_pbkdf2 ("sha256" , $password , $salt , 10000);
  $passwd = "PBKDF2SHA256$" . $iterations . "$" . bin2hex($salt) . "$" . $hash;

  // output
  echo $passwd
?>

#3

Hey everybody,

and here is the code to create the hash_pbkdf2 with python (without the use of django):

#!/usr/bin/env python
# encoding: utf-8

import os
import sys
import hashlib
import base64

from os import urandom
from base64 import b64encode
from hashlib import pbkdf2_hmac

password=sys.argv[1]
salt=urandom(32)
hex = hashlib.pbkdf2_hmac('sha256', password, salt, 10000, 32)
print 'PBKDF2SHA256$10000$' + salt.encode('hex') + '$' + hex.encode('hex')

Best regards
Christoph