I have a user's data and the passwords are hashed with HMAC-SHA256 and encrypted with AES (Umbraco CMS with uCommerce). I need to import that password so the old user can log in to the new website (using WordPress and WooCommerce). I have a secret key (salt) from the previous website and I intend to make the old password 'readable' and verified in WordPress, as the password would be re-hashed again using the WordPress hashing algorithm when the user logs in.

I read about the hash_hmac function in PHP; can it be applied in WordPress authentication alongside WordPress's own hashing algorithm (MD5)?

Thank you.


Update

Previous title: HMAC-SHA256 hashed password in WordPress from another CMS

I have a website using Umbraco CMS (written in C#) and want to replicate their hashing algorithm in WordPress (PHP) to migrate the old password hashes from the previous website. I am trying to replicate the hash that I get from the DB:

  • Password: likeasmyname
  • Hashed: X9gbVOGeHJPbifmaVCCYcg==qXwkrnY3HxAPB0bjnBxw3IAe3n0yX5q7Dk/I+MTAiX4=

That is the generated hash from the password "likeasmyname" using HMACSHA256 with a 128-bit salt. Based on their algorithm, they hash the password and prepend the salt before storing it in the DB. Source: GitHub

I infer that X9gbVOGeHJPbifmaVCCYcg== is the salt and the rest, qXwkrnY3HxAPB0bjnBxw3IAe3n0yX5q7Dk/I+MTAiX4=, is the password hash.

I tried this:

<?php
$password = "likeasmyname";
// .NET's Encoding.Unicode is UTF-16LE, so encode the password the same way
$passwordUtf16 = mb_convert_encoding($password, 'UTF-16LE', 'UTF-8');

$hashFull = "X9gbVOGeHJPbifmaVCCYcg==qXwkrnY3HxAPB0bjnBxw3IAe3n0yX5q7Dk/I+MTAiX4="; // value as stored in the DB
$hashSalt = "X9gbVOGeHJPbifmaVCCYcg=="; // first 24 base64 chars = 16 raw salt bytes
$hashPassword = "qXwkrnY3HxAPB0bjnBxw3IAe3n0yX5q7Dk/I+MTAiX4="; // remaining 44 chars = 32-byte digest

$hashSaltDecoded = base64_decode($hashSalt);
// HMAC-SHA256 over salt || UTF-16LE(password), keyed with the raw salt; raw binary output
$hashAlgo = hash_hmac('sha256', $hashSaltDecoded . $passwordUtf16, $hashSaltDecoded, true);
// base64-encode the raw digest so it can be compared with the stored value
echo base64_encode($hashAlgo);
?>

Result:

Result: lg2AaF0ogBpop02CgdmeM3efENQwagXWpFhW7zG0Jpk=
Expected: qXwkrnY3HxAPB0bjnBxw3IAe3n0yX5q7Dk/I+MTAiX4=

What am I missing?

  • Usually, the source code for such systems is readable for everyone, such that you can reverse-engineer these algorithms. But if you want to avoid too close dependencies (what if your CMS changes mechanisms to store the passwords?), you should look up proper SSO / OAuth techniques – Nico Haase Jun 05 '20 at 06:37
  • I am not sure if I get the question right. If it is hashed you are not going to be able to get back the password and make it 'readable'. Hash algorithms are one-way only; that's why they are used instead of storing the password in clear text. If the other system uses the same hashing then maybe you can use the same hashed password, but that is a long shot. – Crick3t Jun 05 '20 at 16:38
  • @NicoHaase We are sort of short-budgeted and couldn't implement the SSO at the moment. Although it is a good idea! – machinat0r Jun 07 '20 at 05:26
  • @Crick3t We want WordPress to detect Umbraco's hash so the old users can log in with their old password and re-hash it according to the WordPress hash algorithm. I'll update my process using standard PHP. – machinat0r Jun 07 '20 at 05:29
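The migration flow the question describes (verify the legacy Umbraco-style hash once at login, then let WordPress re-hash with its own algorithm), as an added example that is not from the question, from Umbraco or from WordPress. It assumes the stored value is 24 base64 characters of salt followed by a base64 HMAC-SHA256 computed over the raw salt bytes plus the UTF-16LE password; which bytes serve as the HMAC key is not settled on this page, so it is passed in as a callable that must be confirmed against Umbraco's source, and the user meta key `legacy_umbraco_hash` is a placeholder name.

```php
<?php
// Added example (not from the question, Umbraco or WordPress).
// Assumption: stored value = "<base64 16-byte salt><base64 32-byte digest>",
// digest = HMAC-SHA256(key, saltBytes . UTF-16LE(password)). The key is an
// assumption supplied by the caller; confirm it against the Umbraco source.

/** Split "<salt b64><hash b64>" into raw salt and raw digest, or null if malformed. */
function legacy_parse_stored(string $stored): ?array {
    // 16 raw salt bytes always encode to exactly 24 base64 characters.
    $salt = base64_decode(substr($stored, 0, 24), true);
    $hash = base64_decode(substr($stored, 24), true);
    if ($salt === false || $hash === false || strlen($salt) !== 16 || strlen($hash) !== 32) {
        return null;
    }
    return [$salt, $hash];
}

/** Recompute the legacy HMAC and compare it in constant time. */
function legacy_verify(string $stored, string $password, callable $keyFor): bool {
    $parts = legacy_parse_stored($stored);
    if ($parts === null) {
        return false;
    }
    [$salt, $expected] = $parts;
    $pwd = mb_convert_encoding($password, 'UTF-16LE', 'UTF-8'); // .NET Encoding.Unicode
    $actual = hash_hmac('sha256', $salt . $pwd, $keyFor($salt, $pwd), true);
    return hash_equals($expected, $actual);
}

// WordPress hook: runs after WP's own phpass check. The legacy value lives in
// user meta, not in user_pass, so WP's own hasher never sees it.
add_filter('check_password', function ($check, $password, $hash, $user_id) {
    if ($check || !$user_id) {
        return $check;
    }
    $stored = get_user_meta($user_id, 'legacy_umbraco_hash', true); // placeholder key
    if (!$stored) {
        return $check;
    }
    // Assumption: key = raw salt bytes (the keying the question tried); swap if Umbraco differs.
    $ok = legacy_verify($stored, $password, fn($salt, $pwd) => $salt);
    if ($ok) {
        // Re-hash with WordPress's own algorithm and retire the legacy value.
        wp_set_password($password, $user_id);
        delete_user_meta($user_id, 'legacy_umbraco_hash');
    }
    return $ok;
}, 10, 4);
```

Because the legacy value is deleted after the first successful login, each user's password is verified against the weaker scheme at most once and then only WordPress's hash remains.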

0 Answers