Re: {SSHA} for PHP

Jack van Rock schrieb:

<?php $password_sub = "test"; $passsowrd_hash_db = base64_decode("e1NTSEF9aH...."); $salt = base64_decode(substr($passsowrd_hash_db , 32));

password format:

$pwd = "{SSHA}" . base64_encode( sha1( $pass . $salt, true) . $salt );

so just backtrace from there

// skip the "{SSHA}" $b64 = substr($ldap_entry, 6)

// base64 decoded $b64_dec = base64_decode($b64)

// the salt (given it is a 4byte one) $salt = substr(b64_dec, -4)

// the sha1 part $sha = substr($b64_dec, 20)

// now compare $sha == base64_encode( sha1($challengepw . $salt) . $salt )