
I have exported a database from Discourse. It does contain password_hash and salt.

I have done my research and found out that Django uses PBKDF2 by default, and even Discourse uses that with hashing algorithm sha256 and number of iterations 64000.

I want to migrate those passwords so that Django will be able to authenticate a user with the same password.

Vaibhav Mule

1 Answer


There are a number of ways you could do this.

Write your own authentication method in the backend - which accepts the same hashing method as Discourse when a user attempts to log in. This way the hashed password should match from the user's salt and the password they have entered.

This can be done as follows:

from django.contrib.auth.hashers import PBKDF2PasswordHasher


class MyPBKDF2PasswordHasher(PBKDF2PasswordHasher):
    """
    A subclass of PBKDF2PasswordHasher that uses 64000 iterations.
    """
    # iterations = PBKDF2PasswordHasher.iterations * n  # n is a placeholder multiplier, not defined here
    iterations = 64000  # Use this for simplicity!!

in hashers.py. Please note - PBKDF2PasswordHasher.iterations * n will have to equal 64000 - I think the number of iterations is currently set to 150000, so probably easier to have iterations = 64000 directly. The iterations is all you're looking to change, and all other behaviour will be inherited from the PBKDF2PasswordHasher Class.

Then, all you will need is:

PASSWORD_HASHERS = [
    'application_name.hashers.MyPBKDF2PasswordHasher',
]

in settings.py, where application_name is, yep you guessed it, the name of the application where hashers.py can be found.

However...the following documentation on storage and hashing of passwords may be extremely useful in your search:

https://docs.djangoproject.com/en/2.1/topics/auth/passwords/#auth-password-storage
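An added example, not part of the answer above: converting one exported row into the `algorithm$iterations$salt$hash` string that Django's PBKDF2 hasher stores, then checking a password against it using only the standard library. It assumes the exported password_hash is the hex encoding of the raw PBKDF2-HMAC-SHA256 output and that the salt column is fed to PBKDF2 as text; the function names and the sample row are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

ITERATIONS = 64000  # iteration count stated in the question


def discourse_to_django(password_hash_hex: str, salt: str, iterations: int = ITERATIONS) -> str:
    """Build a 'pbkdf2_sha256$iterations$salt$hash' string from an exported row.

    Assumption: password_hash is hex of the raw PBKDF2-HMAC-SHA256 output
    and the salt column is used as text, exactly as exported.
    """
    if "$" in salt:
        raise ValueError("salt must not contain '$' (it is the field separator)")
    try:
        raw = binascii.unhexlify(password_hash_hex.strip())
    except (binascii.Error, ValueError) as exc:
        raise ValueError("password_hash is not valid hex") from exc
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("unexpected hash length for SHA-256")
    b64 = base64.b64encode(raw).decode("ascii")
    return f"pbkdf2_sha256${iterations}${salt}${b64}"


def verify(password: str, encoded: str) -> bool:
    """Check a password against the encoded string, taking the iteration
    count from the string itself rather than from a constant."""
    algorithm, iterations, salt, b64 = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), int(iterations))
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(base64.b64encode(derived).decode("ascii"), b64)


def constructed_export_row(password: str, salt: str) -> str:
    """Constructed sample standing in for one exported password_hash (not real data)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS).hex()


if __name__ == "__main__":
    salt = "0123456789abcdef0123456789abcdef"  # constructed sample salt
    row_hash = constructed_export_row("correct horse", salt)
    encoded = discourse_to_django(row_hash, salt)
    print(encoded)
    print(verify("correct horse", encoded), verify("wrong", encoded))
```

Before a bulk import, run the conversion on a test account whose password you know and confirm the login succeeds, since that is the only way to validate the two encoding assumptions against your actual export.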