[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: {SSHA} for PHP
Jack van Rock schrieb:
> <?php
> $password_sub = "test";
> $passsowrd_hash_db = base64_decode("e1NTSEF9aH....");
> $salt = base64_decode(substr($passsowrd_hash_db , 32));
password format:
$pwd = "{SSHA}" . base64_encode( sha1( $pass . $salt, true) . $salt );
so just backtrace from there
// skip the "{SSHA}"
$b64 = substr($ldap_entry, 6)
// base64 decoded
$b64_dec = base64_decode($b64)
// the salt (given it is a 4byte one)
$salt = substr(b64_dec, -4)
// the sha1 part
$sha = substr($b64_dec, 20)
// now compare
$sha == base64_encode( sha1($challengepw . $salt) . $salt )