Basically, I want to mirgrate a list of users with a pw that is hashed with pbkdf2-sha256 to a cms which uses phpass.
In order to accomplish this I try to check the entered pw by the user and generate the typo3 hashed pw in order to compare it with the record in the database.
I tried to reverse engineer the pbkdf2 hashing that typo3 uses (with a example user pw), but I don't get the expected result:
base64_encode( hash_pbkdf2( "sha256", "88t8R7EfRj9Xf3P", "4f3YKAmnn1dBBU1OPwfdzQ", 25000, 0, true ));
Result: x806WJJRfoHq25Pq2OTs3xfa18qIJ7tzwWaAzO3aKzU=
The stored hashed pw in the db is:
$pbkdf2-sha256$25000$4f3YKAmnn1dBBU1OPwfdzQ$fq4u5vEp6hm8G6Xi7E2UcnEjcLRgMhJ2Yx9v7ikWyZs
When I try this with a given example from stack overflow it works:
base64_encode( hash_pbkdf2( "sha256", "school bus", "BbirbJq1C1G7", 100000, 0, true ));
Result: IcYmssO2bsILHcTCzLxPs/YmVGNmKb3cSt2JWzVzP2I=
expected result: pbkdf2_sha256$100000$BbirbJq1C1G7$IcYmssO2bsILHcTCzLxPs/YmVGNmKb3cSt2JWzVzP2I=
I would really appreciate if someone can help with this.
Greetings, Julian
This does the trick except the padding:
$salt = base64_decode("4f3YKAmnn1dBBU1OPwfdzQ");
$hash_to_compare_with_db = base64_encode( hash_pbkdf2( "sha256", "88t8R7EfRj9Xf3P", $salt, 25000, 0, true ));
Thanks to all and especially to user 9014097