Nwah Nwah - 1 year ago 86
Node.js Question

Creating an HMAC with an existing password hash and salt

For migration reasons I need to take an existing password & salt and place it into Firebase. I'm uploading accounts into Firebase using the google identity kit. This kit allows me to create users and requires a SHA-1 password salted.

var user1 = {
localId: userId,
email: email,
salt: new Buffer('salt-1'),
passwordHash: crypto.createHmac('SHA1', this.hashKey).update('a password' + 'salt-1').digest()

Above is what would be uploaded to the server. Is there any way to crypto.createHmac with an existing SHA-1 hash and salt? I've tried just replacing the passwordHash and salt with the values, but they need to be encoded the same way createHmac encodes them.

Answer Source

See HMAC Implementation.

The key HMAC code is:

hash(o_key_pad ∥ hash(i_key_pad ∥ message))

So it seems the answer is no since the padded key needs to be concatenated with the message.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download