SSHA Password Hash with Golang
I was recently trying to create an LDAP client that is able to create LDAP entries based on the Person objectClass. If you’re familiar with LDAP, the Person objectClass requires you to create an encrypted, one-way hashed password as the userPassword attribute.
This is the userPassword syntax as defined by the IETF here:
userpasswordvalue = cleartext-password / prefix b64-hashandsalt
prefix = "{" scheme "}"
scheme = %x30-39 / %x41-5A / %x61-7a / %x2D-2F / %x5F
;0-9, A-Z, a-z, "-", ".", "/", or "_"
b64-hashandsalt = <base64 of hashandsalt>
hashandsalt = password-hash salt
password-hash = <digest of cleartext-password salt>
cleartext-password = %x00-FF
salt = %x00-FF
With SSHA, as the name suggests, the scheme is always {SSHA} and the digest algorithm is SHA-1.
You can use the slappasswd utility to generate such a password as follows:
$ /usr/sbin/slappasswd -s damnthisisareallylongpassword
{SSHA}Uj3B3F6TFgh75HglgesviRlTtB8POSFW
“But I want to programmatically create one in my Go code!?”
Well, I guess you have to google for some Go library to do SSHA. If you can’t, you can always look at the slappasswd source code on GitHub. If you can’t, you can look at an implementation in another language and create a port. If you can’t …
No worries, you can incorporate the following gist into your code.
To use it, simply …
encoder := SSHAEncoder{}
// to encode a password into SSHA
hashed, _ := encoder.Encode([]byte("damnthisisareallylongpassword"))
fmt.Printf("%s\n", hashed)
// to validate a password against a saved hash
if encoder.Matches(hashed, []byte("damnthisisareallylongpassword")) {
	fmt.Println("It's a match.")
}
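An added sketch of such an encoder, not the author's gist: the SSHAEncoder, Encode and Matches names come from the usage snippet above, while their signatures, the Split helper and the 4-byte salt (the length the slappasswd sample above decodes to) are assumptions. It follows the grammar quoted earlier: the {SSHA} prefix, then base64 of SHA-1(password + salt) followed by the salt.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

const scheme = "{SSHA}"

type SSHAEncoder struct{} // name from the usage snippet; method signatures assumed

// hashAndSalt builds SHA-1(password || salt) || salt, the grammar's "hashandsalt".
func hashAndSalt(password, salt []byte) []byte {
	sum := sha1.Sum(append(append([]byte{}, password...), salt...))
	return append(sum[:], salt...)
}

// Encode hashes the password with a fresh random salt (4 bytes is an assumption).
func (SSHAEncoder) Encode(password []byte) ([]byte, error) {
	salt := make([]byte, 4)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	return []byte(scheme + base64.StdEncoding.EncodeToString(hashAndSalt(password, salt))), nil
}

// Split decodes a stored value into its 20-byte digest and the trailing salt.
func Split(stored []byte) (digest, salt []byte, err error) {
	raw, err := base64.StdEncoding.DecodeString(string(bytes.TrimPrefix(stored, []byte(scheme))))
	if !bytes.HasPrefix(stored, []byte(scheme)) || err != nil || len(raw) <= sha1.Size {
		return nil, nil, fmt.Errorf("not a well-formed %s value", scheme)
	}
	return raw[:sha1.Size], raw[sha1.Size:], nil
}

// Matches re-hashes the candidate with the stored salt and compares in constant time.
func (SSHAEncoder) Matches(stored, password []byte) bool {
	digest, salt, err := Split(stored)
	return err == nil && subtle.ConstantTimeCompare(digest, hashAndSalt(password, salt)[:sha1.Size]) == 1
}

func main() {
	enc, pw := SSHAEncoder{}, []byte("damnthisisareallylongpassword")
	hashed, _ := enc.Encode(pw)
	fmt.Printf("%s match=%v\n", hashed, enc.Matches(hashed, pw))
}
```

Because the salt is random, every call to Encode yields a different string for the same password; verification works because the salt travels inside the stored value.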
I hope this helps.