CREATING & VERIFYING SSHA PASSWORDS

Here is a  simple php program to create ssha hash of a simple text password.
Then I have decoded that ssha encrypted password again to check that the salted password
is correct or not.

$password = "mypassword";

// Generate SSHA hash
mt_srand((double)microtime()*1000000);
$salt = pack("CCCC", mt_rand(), mt_rand(), mt_rand(), mt_rand());
$hash = "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt)) . $salt);
echo $hash . "\n";

// Verify SSHA hash
$ohash = base64_decode(substr($hash, 6));
$osalt = substr($ohash, 20);
$ohash = substr($ohash, 0, 20);
$nhash = pack("H*", sha1($password . $osalt));
if ($ohash == $nhash) {
   echo "Password OK\n";
 } else {
   echo "Password verification failed\n";
 }

?>

0 comments:

Copyright © 2008 - ProSceNiuM - is proudly powered by Blogger
Blogger Template