Does this lib mach python's Passlib behavior?

[lucasdiedrich]

Hello, from the past 3 days i can't find a nodejs library that can hash an password just like python passlib, i'm probably missing something but doesn't no why.

hash_python = '$pbkdf2-sha512$25000$0HrPeU8pJUTonbP2HgPgfA$fSsikakW8sa7HRP2V44DLk5bnmUCrd7kW8oVNbC.npVqgYhKrenTQ4rAQK6g4XQPX2K6.iNWOITz2X0aLOSA3A'
password = 'admin'
salt = hash_python.split('$')[3]
rounds = parseInt(hash_python.split('$')[2])
hash_final = hash_python.split('$')[4]
sha = 'sha512'

const passwordHash = require('pbkdf2-password-hash')
passwordHash.hash(password,salt,{iterations: rounds})
  .then((hash) => {
    var string = hash.split('$')[4]
    console.log('HASH-passwordHash ' + string.toString('base64'));
// =>HASH-passwordHash fSsikakW8sa7HRP2V44DLk5bnmUCrd7kW8oVNbC+npVqgYhKrenTQ4rAQK6g4XQPX2K6+iNWOITz2X0aLOSA3A==
  })

Can i achieve the correct hash with this lib?
Thanks if you are reading this.

[perry-mitchell]

Hi @lucasdiedrich! Iocane doesn't expose any of its hashing functionality, and only provides an API for encryption. It looks like you're looking for a PBKDF2 hashing function, but I'm guessing that it might be impossible to find a 1:1 match already in existence. You could write your own using the pbkdf2 package that iocane uses.

The tricky part is finding out what components are in your hashed password string, and what the delimiters are. It seems to be a mixture of dollar signs and periods.

Worst case scenario you could just wrap passlib as an external executable (it would become a system dependency of your app), but that depends on how portable you want your application to be. execa is a good execution toolkit if you were to take this route.

Good luck!