
Re: {SSHA} for PHP



Jack van Rock wrote:
> <?php
>    $password_sub       = "test";
>    $passsowrd_hash_db  = base64_decode("e1NTSEF9aH....");
>    $salt = base64_decode(substr($passsowrd_hash_db , 32));
password format:

$pwd = "{SSHA}" . base64_encode( sha1( $pass . $salt, true) . $salt );


so just backtrace from there

// skip the "{SSHA}"
$b64 = substr($ldap_entry, 6);

// base64 decoded
$b64_dec = base64_decode($b64);

// the salt (given it is a 4byte one)
$salt = substr($b64_dec, -4);

// the sha1 part (the first 20 bytes, raw binary)
$sha = substr($b64_dec, 0, 20);

// now compare the raw digests (hash_equals compares in constant time)
$match = hash_equals($sha, sha1($challengepw . $salt, true));
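
The format and the back-trace described in the message above, as an added example that is not part of the original post: it verifies an {SSHA} value without assuming a 4-byte salt and rejects malformed input. The function names ssha_hash and ssha_verify, the 8-byte default salt and the sample values are assumptions made for this example.

```php
<?php
// Added example, not code from the original post; function names are hypothetical.

// Build an {SSHA} value: "{SSHA}" . base64( SHA1(password . salt) . salt )
function ssha_hash(string $password, ?string $salt = null): string
{
    // Assumption: use an 8-byte random salt when the caller supplies none.
    $salt = $salt ?? random_bytes(8);
    return '{SSHA}' . base64_encode(sha1($password . $salt, true) . $salt);
}

// Verify a candidate password against a stored {SSHA} value.
function ssha_verify(string $candidate, string $stored): bool
{
    // Assumption: accept the scheme prefix in either case.
    if (strncasecmp($stored, '{SSHA}', 6) !== 0) {
        return false;
    }

    // Strict mode returns false on characters outside the base64 alphabet.
    $raw = base64_decode(substr($stored, 6), true);

    // A raw SHA-1 digest is 20 bytes; everything after it is the salt.
    // This example requires at least one salt byte.
    if ($raw === false || strlen($raw) <= 20) {
        return false;
    }

    $digest = substr($raw, 0, 20);
    $salt   = substr($raw, 20);

    // Recompute the raw digest with the recovered salt and compare
    // in constant time (hash_equals needs PHP 5.6 or later).
    return hash_equals($digest, sha1($candidate . $salt, true));
}

// Constructed sample values, generated here rather than read from a directory.
$four_byte = ssha_hash('test', "\x01\x02\x03\x04"); // 4-byte salt, as in the post
$eight_byte = ssha_hash('test');                    // random 8-byte salt

var_dump(ssha_verify('test', $four_byte));          // correct password
var_dump(ssha_verify('wrong', $four_byte));         // wrong password
var_dump(ssha_verify('test', $eight_byte));         // longer salt still verifies
var_dump(ssha_verify('test', '{SSHA}not*base64'));  // malformed value is rejected
```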