Hi ! Is there any way to use `md5 hasher` in self-...
# talk-kratos
s
Hi! Is there any way to use `md5 hasher` in self-hosted kratos? I saw someone implement it on GitHub, but I can't use the md5 hasher in my quick start yaml file. Here is my yaml file:
```yaml
version: v0.13.0

dsn: memory

serve:
  public:
    base_url: http://127.0.0.1:4433/
    cors:
      enabled: true
  admin:
    base_url: http://kratos:4434/
dev: true
selfservice:
  default_browser_return_url: http://127.0.0.1:4455/
  allowed_return_urls:
    - http://127.0.0.1:4455

  methods:
    password:
      enabled: true
    totp:
      config:
        issuer: Kratos
      enabled: true
    lookup_secret:
      enabled: true
    link:
      enabled: true
    code:
      enabled: true

  flows:
    error:
      ui_url: http://127.0.0.1:4455/error

    settings:
      ui_url: http://127.0.0.1:4455/settings
      privileged_session_max_age: 15m
      required_aal: highest_available

    recovery:
      enabled: true
      ui_url: http://127.0.0.1:4455/recovery
      use: code

    verification:
      enabled: true
      ui_url: http://127.0.0.1:4455/verification
      use: code
      after:
        default_browser_return_url: http://127.0.0.1:4455/

    logout:
      after:
        default_browser_return_url: http://127.0.0.1:4455/login

    login:
      ui_url: http://127.0.0.1:4455/login
      lifespan: 10m

    registration:
      lifespan: 10m
      ui_url: http://127.0.0.1:4455/registration
      after:
        password:
          hooks:
            - hook: session
            - hook: show_verification_ui

log:
  level: debug
  format: text
  leak_sensitive_values: true

secrets:
  cookie:
    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
  cipher:
    - 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
  algorithm: xchacha20-poly1305

hashers:
  algorithm: md5

identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
```
b
No, it’s just there to allow importing MD5 hashed passwords. Why do you want to use MD5?
s
If I import my passwords using md5, how can I log in using that password?
Because we use md5 passwords in our old database, I want to use the same passwords to log in in the future.
Is that possible? Or am I wrong?
b
If you imported the passwords like it is described here: https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#hashed-passwords Kratos will store the old MD5 password in its database and re-hash the password on the next login by that user.
s
Cool, sounds great!
I can't use the old `md5` password to log in to kratos. Or am I missing some configuration? I tried to use md5 & base64, and I still can't log in. But like you say, kratos can re-hash the password when I use the `{ssha}` prefix or other hash method. Here is my import user:
```json
{
  "schema_id": "default",
  "traits": {
    "email": "md5_base64@test.com",
    "name": {
      "last_name": "asdf",
      "first_name": "asdf"
    }
  },
  "credentials": {
    "password": {
      "config": {
        "hashed_password": "$md5$<my_hashed_password_and_base64>"
      }
    }
  }
}
```
kratos.yaml
```yaml
serve:
  public:
    base_url: http://127.0.0.1:4433/
  admin:
    base_url: http://kratos:4434/

selfservice:
  default_browser_return_url: http://127.0.0.1:4455/welcome
  allowed_return_urls:
    - http://127.0.0.1:4455/welcome
  methods:
    password:
      enabled: true
  flows:
    settings:
      ui_url: http://127.0.0.1:4455/settings

    verification:
      ui_url: http://127.0.0.1:4455/verification
      enabled: false

    recovery:
      ui_url: http://127.0.0.1:4455/recovery
      enabled: false

    logout:
      after:
        default_browser_return_url: http://127.0.0.1:4455/login

    login:
      ui_url: http://127.0.0.1:4455/login
      after:
        default_browser_return_url: http://127.0.0.1:4455/welcome

    registration:
      ui_url: http://127.0.0.1:4455/registration
      after:
        password:
          hooks:
            - hook: session
    error:
      ui_url: http://127.0.0.1:4455/error

log:
  level: debug

hashers:
  algorithm: bcrypt

identity:
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true

oauth2_provider:
  url: http://hydra:4445
```
But I also found this PR was merged @@ https://github.com/ory/kratos/pull/2725