diff --git a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Pbkdf2.class.php b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Pbkdf2.class.php
index c16008c11c3..6f1fdbfe5c5 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Pbkdf2.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/password/algorithm/Pbkdf2.class.php
@@ -29,7 +29,7 @@ public function verify(
         }
         [$hash, $salt, $algo, $iterations, $length] = $parts;
 
-        return \hash_equals($hash, \hash_pbkdf2($algo, $password, $salt, $iterations, $length));
+        return \hash_equals($hash, \bin2hex(\hash_pbkdf2($algo, $password, $salt, $iterations, $length, true)));
     }
 
     /**
@@ -43,7 +43,7 @@ public function hash(
         $algo = 'sha256';
         $iterations = 600000;
         $length = 32;
-        $hash = \hash_pbkdf2($algo, $password, $salt, $iterations, $length);
+        $hash = \bin2hex(\hash_pbkdf2($algo, $password, $salt, $iterations, $length, true));
 
         return \implode(':', [$hash, $salt, $algo, $iterations, $length]);
     }