insightautomate
insightautomate
PostsComments
BABetter Auth
Created by insightautomate on 5/9/2025 in #help
Hashing script to seed database
The palace project - the cases forI am trying to create a python script that lets me seed my database with dummy test data. I need to create some accounts but I want to be able to actually log into these accounts which means setting passwords. However, I'm struggling to work out how to set the password in the db. I have tried a few different python scripts (my seeding is produced with python) but not succeeding so far. I have tried to mimic the same method used by better-auth. 
import os
import unicodedata
import hashlib
import hmac

# exactly the same params as better-auth
SCRYPT_PARAMS = dict(n=16384, r=16, p=1, dklen=64)

# mirror their maxmem: 128 * N * r * 2
MAXMEM = 128 * SCRYPT_PARAMS["n"] * SCRYPT_PARAMS["r"] * 2

def hash_password(password: str) -> str:
    """
    → salt:key just like better-auth (hex:salt, hex:key)
    → no BETTER_AUTH_SECRET is used here
    """
    # 1) Unicode NFKC normalization
    normalized = unicodedata.normalize("NFKC", password)
    # 2) random 16-byte salt
    salt = os.urandom(16)
    # 3) scrypt with explicit maxmem
    key = hashlib.scrypt(
        normalized.encode("utf-8"),
        salt=salt,
        n=SCRYPT_PARAMS["n"],
        r=SCRYPT_PARAMS["r"],
        p=SCRYPT_PARAMS["p"],
        dklen=SCRYPT_PARAMS["dklen"],
        maxmem=MAXMEM,
    )
    # 4) return hex(salt):hex(key)
    return f"{salt.hex()}:{key.hex()}"

pw = "12345678"
h = hash_password(pw)
print("Hash:", h)
import os
import unicodedata
import hashlib
import hmac

# exactly the same params as better-auth
SCRYPT_PARAMS = dict(n=16384, r=16, p=1, dklen=64)

# mirror their maxmem: 128 * N * r * 2
MAXMEM = 128 * SCRYPT_PARAMS["n"] * SCRYPT_PARAMS["r"] * 2

def hash_password(password: str) -> str:
    """
    → salt:key just like better-auth (hex:salt, hex:key)
    → no BETTER_AUTH_SECRET is used here
    """
    # 1) Unicode NFKC normalization
    normalized = unicodedata.normalize("NFKC", password)
    # 2) random 16-byte salt
    salt = os.urandom(16)
    # 3) scrypt with explicit maxmem
    key = hashlib.scrypt(
        normalized.encode("utf-8"),
        salt=salt,
        n=SCRYPT_PARAMS["n"],
        r=SCRYPT_PARAMS["r"],
        p=SCRYPT_PARAMS["p"],
        dklen=SCRYPT_PARAMS["dklen"],
        maxmem=MAXMEM,
    )
    # 4) return hex(salt):hex(key)
    return f"{salt.hex()}:{key.hex()}"

pw = "12345678"
h = hash_password(pw)
print("Hash:", h)
The hashing works fine but if I put that in my db I can't log in using 12345678. Don't worry this is all local! Should I be using the BETTER_AUTH_SECRET somewhere? I couldn't see its use in the js library.
4 replies