I have a backend application written in Python used by the content managers of my site. Users' passwords are hashed using passlib's pbkdf2_sha512 function. I began to develop the frontend application for which I decided to use nodejs with React for UX reasons.
Now my problem is that I can't figure out how I can verify the passwords hashed by passlib using nodejs to authenticate my users. Passlib's implementation seems too specific to me and I'm not really into crypto stuff to figure it out.
I have the MCF so I know the algorithm and digest type, the salt, the number of iterations and the key length. How can I verify this output from passlib in node? Should I rather choose another algorithm better supported by both platforms?
OK, I turned to sha512_crypt instead and found a nice library for node called sha512crypt-node. The README itself contains an example for both Python and Node, exactly what I needed. Here's a little example for people using these platforms:
Python:
from passlib.hash import sha512_crypt
orig = "password"
# hash() is the passlib 1.7+ name for the deprecated encrypt()
h = sha512_crypt.hash(orig)
print("hash", h)
# h is, for example, $6$rounds=100000$5YnTXatKh4b1pLjp$3QQjVIfjrbiTakj.wkaw1woAcFiPRAjJP2U/b3BiGW4m8OvI8x0tgw1bb63dNQWMUl1uYNDBcTO3tWgrJ6eHh1
okay = sha512_crypt.verify(orig, h)
print("verified", okay)
Node:
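var crypto = require("crypto");
var sha512crypt = require("sha512crypt-node").sha512crypt;
// origHash is the hash generated by passlib
var origHash = "$6$rounds=100000$5YnTXatKh4b1pLjp$3QQjVIfjrbiTakj.wkaw1woAcFiPRAjJP2U/b3BiGW4m8OvI8x0tgw1bb63dNQWMUl1uYNDBcTO3tWgrJ6eHh1",
    // Fields after splitting on '$': ["", "6", "rounds=100000", salt, checksum].
    // This indexing assumes an explicit rounds= field, as in the passlib output above.
    parts = origHash.split('$'),
    rounds = parts[2],
    // Rebuild the "$6$rounds=N$salt" prefix that is passed as the salt argument
    salt = '$' + parts[1] + '$' + rounds + '$' + parts[3],
    password = "password";
var hash = sha512crypt(password, salt);
// Compare the recomputed hash with the stored one in constant time instead of with ===
var a = Buffer.from(hash), b = Buffer.from(origHash);
console.log("verified", a.length === b.length && crypto.timingSafeEqual(a, b));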
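For the pbkdf2_sha512 hashes the question started with, Node's built-in crypto module is enough to verify the MCF string. The following is an added example, not code from the original post or from passlib; the function names and the MAX_ROUNDS limit are assumptions, and the sample hash comes from the helper at the bottom rather than from a passlib run.

```javascript
const { pbkdf2Sync, timingSafeEqual } = require("crypto");

// passlib's "adapted base64": standard base64 with '+' written as '.',
// and the '=' padding stripped.
function ab64Decode(s) {
  return Buffer.from(s.replace(/\./g, "+"), "base64");
}
function ab64Encode(buf) {
  return buf.toString("base64").replace(/\+/g, ".").replace(/=+$/, "");
}

// Assumed policy value: refuse absurd iteration counts so a tampered hash
// record cannot make the server burn CPU on every login attempt.
const MAX_ROUNDS = 10000000;

// MCF layout: $pbkdf2-sha512$<rounds>$<ab64 salt>$<ab64 checksum>
function parsePasslibPbkdf2Sha512(mcf) {
  const m = /^\$pbkdf2-sha512\$([1-9][0-9]*)\$([A-Za-z0-9./]*)\$([A-Za-z0-9./]+)$/.exec(mcf);
  if (!m) return null;
  const rounds = Number(m[1]);
  if (rounds > MAX_ROUNDS) return null;
  return { rounds, salt: ab64Decode(m[2]), checksum: ab64Decode(m[3]) };
}

// Returns true only if the password reproduces the stored 64-byte checksum.
function verifyPasslibPbkdf2Sha512(password, mcf) {
  const p = typeof mcf === "string" ? parsePasslibPbkdf2Sha512(mcf) : null;
  if (!p || p.checksum.length !== 64) return false;
  const derived = pbkdf2Sync(Buffer.from(password, "utf8"), p.salt, p.rounds, 64, "sha512");
  // Both buffers are 64 bytes here, so timingSafeEqual cannot throw.
  return timingSafeEqual(derived, p.checksum);
}

// Helper that builds a constructed sample hash in the same layout,
// so the verifier can be exercised offline.
function makeSampleHash(password, salt, rounds) {
  const dk = pbkdf2Sync(Buffer.from(password, "utf8"), salt, rounds, 64, "sha512");
  return `$pbkdf2-sha512$${rounds}$${ab64Encode(salt)}$${ab64Encode(dk)}`;
}
```

Malformed strings, other hash schemes and truncated checksums all return false rather than throwing, so the function can sit directly in a login handler.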