Tags: passwords, sap-commerce-cloud, password-hash, password-storage

How does hybris store password hashes


TLDR: What does Hybris do with password hashes before storing them in the database? Because values in the database field are NOT standard password hashes.


I had to add the TLDR above, because two users posted answers that are indicative that they didn't read (or understand) the question.

I'm working with Hybris 1905. When I set a user's password in backoffice, I can choose the type of hashing algorithm, including MD5, SHA-256 and a few others. Yet the password value stored in the database is clearly not a simple hash with the algorithm. For example, here are hashes of password test1234, with various hashing algorithms:

Clearly this is some sort of encoding that Hybris puts on top of the chosen hashing algorithm - but what is it? Is it encoding (i.e. can be decoded) or hashing?

I need to migrate a large database of users from another platform to this Hybris installation. I have existing usernames and corresponding hashed passwords, which I want to import. These are standard bcrypt hashes, so the same test1234 string would have hash $2y$16$mK9cm.pwOp8ve9oH0VqkT.123HGy/RHYLcd1GB.N5zEqBylV.22wm. Yet I am struggling to understand how to import this hash into the Hybris users table.


Solution

  • What does Hybris do with password hashes before storing them in the database? Because values in the database field are NOT standard password hashes.

    It's because the encodedPassword attribute is declared with the encrypted="true" modifier. Due to that, hybris encrypts the value before storing it in the DB. Read more about Transparent Attribute Encryption (TAE) and how it works in hybris.

    <attribute autocreate="true" qualifier="encodedPassword" type="java.lang.String">
        <persistence type="property" qualifier="Passwd">
            <columntype>
                <value>HYBRIS.LONG_STRING</value>
            </columntype>
        </persistence>
        <modifiers read="true" write="true" search="true" optional="true" encrypted="true"/>
    </attribute>
    

    In your case, you probably need to create your own password encoder and set it on all migrated users, so that your system manages to authenticate migrated users with the custom encoder, and then you can redirect the user to reset the password. In the reset password flow, you can update the password encoding with the new OOTB encoder so that a new hash will be generated.

    Other references: 1, 2
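An added example of the verify-only legacy encoder the answer describes (this is not SAP/Hybris code and not code from the answer). It assumes the shape of the platform's de.hybris.platform.persistence.security.PasswordEncoder interface (encode/check/decode) as recalled from memory, Spring Security's BCryptPasswordEncoder on the classpath, and a hypothetical package name; confirm the interface against the 1905 javadoc before wiring it in.

```java
// Added example, not Hybris/SAP code. Assumed interface shape: encode(userId, plain),
// check(userId, encoded, plain), decode(encoded). Package name is hypothetical.
package com.example.migration;

import de.hybris.platform.persistence.security.PasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * Verify-only encoder for users migrated with bcrypt hashes ($2a$/$2b$/$2y$).
 * It never produces new hashes, so once a user resets their password the
 * OOTB encoder takes over and the bcrypt value is replaced.
 */
public class LegacyBcryptPasswordEncoder implements PasswordEncoder
{
    // bcrypt string: "$2y$16$" prefix (7 chars) + 22-char salt + 31-char hash = 60 chars.
    private static final String BCRYPT_PATTERN = "^\\$2[aby]\\$\\d{2}\\$[./A-Za-z0-9]{53}$";

    // Spring Security 5.x BCrypt accepts the $2y$ prefix produced by PHP's password_hash.
    private final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();

    @Override
    public boolean check(final String userId, final String encodedPassword, final String plainPassword)
    {
        if (encodedPassword == null || plainPassword == null)
        {
            return false;
        }
        // Refuse anything that is not a well-formed bcrypt string, so a corrupted or
        // foreign stored value can never be treated as a match.
        if (!encodedPassword.matches(BCRYPT_PATTERN))
        {
            return false;
        }
        // Cost 16 (as in the question's hash) means 2^16 rounds; expect noticeable
        // login latency and keep the flow short: verify, then redirect to reset.
        return bcrypt.matches(plainPassword, encodedPassword);
    }

    @Override
    public String encode(final String userId, final String plainPassword)
    {
        // Deliberately refuse to mint new legacy hashes; new passwords must go
        // through the default (OOTB) encoder.
        throw new UnsupportedOperationException(
                "legacy bcrypt encoder is verify-only; use the default encoder to set passwords");
    }

    @Override
    public String decode(final String encodedPassword)
    {
        throw new UnsupportedOperationException("bcrypt hashes cannot be decoded");
    }
}
```

Usage, with the wiring details stated as recollection rather than verified against 1905: register the class as a Spring bean and add it to the platform's password encoder map under a key such as legacybcrypt; import the migrated users with encodedPassword set to the raw bcrypt string and passwordEncoding set to that key (TAE still encrypts the value on write, which is why the column never shows the plain bcrypt string); in the reset flow, set the new password through the user service with the default encoding so the user's passwordEncoding flips to the OOTB algorithm and the bcrypt value is gone. Keeping encode() as a hard failure is a deliberate choice: it makes it impossible for an admin or import job to accidentally keep creating legacy hashes after the migration.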