[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: {SSHA} for PHP

To: Jack van Rock <kampflitchi@googlemail.com>
Subject: Re: {SSHA} for PHP
From: "Daniel T. Bender" <daniel@invis-server.org>
Date: Mon, 01 Dec 2008 11:11:41 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <492DA256.40507@googlemail.com>
References: <492DA256.40507@googlemail.com>
User-agent: Thunderbird 2.0.0.18 (X11/20081112)

Jack van Rock schrieb:
> <?php
>    $password_sub       = "test";
>    $passsowrd_hash_db  = base64_decode("e1NTSEF9aH....");
>    $salt = base64_decode(substr($passsowrd_hash_db , 32));
password format:

$pwd = "{SSHA}" . base64_encode( sha1( $pass . $salt, true) . $salt );


so just backtrace from there

// skip the "{SSHA}"
$b64 = substr($ldap_entry, 6)

// base64 decoded
$b64_dec = base64_decode($b64)

// the salt (given it is a 4byte one)
$salt = substr(b64_dec, -4)

// the sha1 part
$sha = substr($b64_dec, 20)

// now compare
$sha == base64_encode( sha1($challengepw . $salt) . $salt )

Prev by Date: Re: Some servers are delay synced...
Next by Date: Can join domain but cannot login
Index(es):
- Chronological
- Thread