Incompatible hash format for MSF Auth Hashing Algorithm (PBKDF2) for PHP

alvyxaz / barebones-masterserver

Master Server framework for Unity

475 stars 106 forks source link

Incompatible hash format for MSF Auth Hashing Algorithm (PBKDF2) for PHP #205

Open Youdaman opened 6 years ago

Youdaman commented 6 years ago

Re https://github.com/alvyxaz/barebones-masterserver/wiki/MSF-Auth-Hashing-Algorithm-(PBKDF2)-for-PHP

As per https://github.com/defuse/password-hashing#hash-format the hash format is:

algorithm:iterations:hashSize:salt:hash

Whereas MSFSecruity.ValidatePassword and Msf.Client.Auth.Register use the format:

iterations:salt:hash

Youdaman commented 6 years ago

For anyone that's interested, here's a way to generate the hashed password in JavaScript/Node:

var crypto = require('crypto');

var password = "testing123";

var length = 24;
var iterations = 1000;
var algorithm = "sha1";

var salt = crypto.randomBytes(length);
var hash = crypto.pbkdf2Sync(password, salt, iterations, length, algorithm);

var msf2password = iterations + ":" + salt.toString('base64') + ":" + hash.toString('base64');