PHP: How to calculate the SSHA value of a string

Articles may may have files attached at the end of the post

Submitted by chantra on Mon, 02/16/2009 - 23:01

This bit of code allow one to generate SSHA password as accepted by 'ldapmodify' userPassword entry.
unlike SHA, SSHA is using a random seed, increasing the security of your passwords.

These function are based on the explanation provided at OpenLDAP's What are {SHA} and {SSHA} passwords and how do I generate them? page.

<?php
 
function make_ssha_password($password){
  mt_srand((double)microtime()*1000000);
  $salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
  $hash = "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt)) . $salt);
  return $hash;
}
 
function ssha_password_verify($hash, $password){
  // Verify SSHA hash
  $ohash = base64_decode(substr($hash, 6));
  $osalt = substr($ohash, 20);
  $ohash = substr($ohash, 0, 20);
  $nhash = pack("H*", sha1($password . $osalt));
  if ($ohash == $nhash) {
    return True;
  } else {
    return False;
  }
}
 
$encpass = make_ssha_password($argv[1]);
print("Encoded password is: $encpass\n");
 
if(ssha_password_verify($encpass, $argv[1])){
  print("Password could be verified\n");
}else{
  print("Password could  not be verified\n");
}
?>