Given a LDAP password stored in SHA-1/{SSHA} how would I validate it in erlang.

Question

0

Editorial Team

Asked: June 14, 20262026-06-14T04:02:51+00:00 2026-06-14T04:02:51+00:00

Given a LDAP password stored in SHA-1/{SSHA} how would I validate it in erlang.

0

Given a LDAP password stored in SHA-1/{SSHA} how would I validate it in erlang.

For example – given the following {SSHA}:

% slappasswd -s myPassword
{SSHA}GEH5kMEQZHYHS95dgr6KmFdg0a4BicBP
%

How would I (in erlang) validate that clear text ‘myPassword’ matches with the hashed value of ‘{SSHA}GEH5kMEQZHYHS95dgr6KmFdg0a4BicBP’.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-14T04:02:52+00:00

After some help from others I’ve come up with a routine to do this in Erlang. Following up here to share with others.

First – this link (found in another post) gives functions in other languages doing what I wanted:

http://www.openldap.org/faq/data/cache/347.html

The trick was that the ‘ldap {SSHA}’ encoding is a salted-SHA1 hash which is also base64 encoded. So – you must decode it, extract the salt and then use that in the re-encoding of the ‘clear password’ for comparison.

Here is a short Erlang routine which does this:

validatessha(ClearPassword, SshaHash) ->
    D64 = base64:decode(lists:nthtail(6, SshaHash)),
    {HashedData, Salt} = lists:split(20, binary_to_list(D64)),
    NewHash = crypto:sha(list_to_binary(ClearPassword ++ Salt)),
    string:equal(binary_to_list(NewHash), HashedData).

Given the data in my original post – here’s the output:

67> run:validatessha("myPassword", "{SSHA}GEH5kMEQZHYHS95dgr6KmFdg0a4BicBP").
true
68>

Thanx all.

Mike

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Given a LDAP password stored in SHA-1/{SSHA} how would I validate it in erlang.

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply