As far as I know, in digest authentication a client does an irreversible computation, using the password and a random value supplied by the server as input values. The result is transmitted to the server, which does the same computation and authenticates the client if it arrives at the same value. Since the computation is irreversible, an eavesdropper can’t obtain the password.
Keeping an eye on the above definition, I used CryptoJS.HmacSHA256("password", "key") in JavaScript to send the information to the Django server. Now the problem is:
I need to check that on the server using the same logic, but Django has already hashed the password in its own format, for example using pbkdf2_sha256.
Should I use some reversible algorithm like AES? I don’t think it is possible to crack Django’s hashing algorithm and write the same for the client side?
Why are you trying to do authentication in this manner? You cannot use Django's default authentication for this.
What you could do though is (for example):
I used the details in this article to implement the algorithm. Even if you aren’t using this method, you’re still going to need to create your own custom authentication backend.
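One way the challenge-response from the question can be checked against a Django pbkdf2_sha256 hash, as an added example that is not from either post: the server sends the salt and iteration count from the stored hash together with a nonce, and the client's PBKDF2 output becomes the HMAC key. The function names and sample values are assumptions, the client half would run in the browser, and under this scheme the stored hash becomes password-equivalent, so a leaked database row is enough to authenticate.

```python
import base64
import hashlib
import hmac
import secrets


def make_django_hash(password, salt, iterations):
    """Build a string in Django's pbkdf2_sha256 storage format (constructed sample data)."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(dk).decode())


def issue_challenge(encoded):
    """Server: expose salt and iteration count from the stored hash, plus a fresh nonce.

    The server must remember the nonce and accept it only once, or a captured
    response can be replayed.
    """
    algorithm, iterations, salt, _ = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported hasher: " + algorithm)
    return {"salt": salt, "iterations": int(iterations), "nonce": secrets.token_hex(16)}


def client_response(password, challenge):
    """Client: re-derive the PBKDF2 key from the password, then HMAC the nonce with it."""
    key = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), challenge["salt"].encode(), challenge["iterations"]
    )
    return hmac.new(key, challenge["nonce"].encode(), hashlib.sha256).hexdigest()


def verify_response(encoded, nonce, response):
    """Server: key the same HMAC with the stored hash and compare in constant time."""
    key = base64.b64decode(encoded.split("$", 3)[3])
    expected = hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    # Constructed sample: low iteration count only to keep the demo fast.
    stored = make_django_hash("s3cret-sample", "constructedsalt", 1000)
    challenge = issue_challenge(stored)
    answer = client_response("s3cret-sample", challenge)
    print("accepted:", verify_response(stored, challenge["nonce"], answer))
```

Plugging this into Django still needs the custom authentication backend the answer mentions, since the default backend expects the plaintext password.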