Hi,
I am trying to migrate some users from Crowd to Auth0 and ideally, I don't want to ask users to change their passwords.
I am running Crowd 3.2 and the passwords look like {PKCS5S2}123blablabla
I have learned from a few articles that Crowd uses "a dumb wrapper around Bouncy Castle's implementation of PKCS 5 version 2 (aka PBKDF2), using a random 16 byte salt, 10,000 iterations, and generating a 256-bit hash as the final output."
Auth0 supports the importing of custom password hash and one of them is pbkdf2
I looked at a few examples and I am starting to build the required json. One of the requirement is to include an id that has the pbkdf2 algorithm with an appended digest.
I have chosen sha1 but I am not sure if this is what is used by Atlassian. This is the list of supported digest
My json file looks like this at the moment:
"custom_password_hash": {
"algorithm": "pbkdf2",
"hash": {
"value": "$pbkdf2-sha1$i=10000,l=32${salt_value}${checksum/hash value}"
}
}
where $i=10000 is the iterations – which I am assuming is correct
l=32 is the "keylen" – I am confused about this value, I know that it needs to specify in bytes so it could be the 256-bit hash (in bytes)
At the moment I am able to import a test user correctly with these values but the login fails.
Thanks in advance.
