Crypt-SaltedHash
lib/Crypt/SaltedHash.pm
Split Digest into 2 byte arrays, one for bytes 0 - 20 (pwhash), one for bytes 21 - 32 (salt)
Get the target string and salt as separate binary objects
Concatenate the 2 binary values
SHA hash the concatenation into targetPasswordHash
Compare targetPasswordHash with pwhash
Return corresponding Boolean value
Our job is to split the original digest into 2 distinct byte arrays: one holding the left 20 bytes (0 - 20 including the null terminator)
and the other holding the rest of the data. The left 0 - 20 bytes represent the salted binary value that we will match byte-by-byte
against the new clear text presented for verification. The string presented for verification has to be salted as well. The rest
of the bytes (21 - 32) represent the random salt, which when decoded shows the exact hex characters that make up the once randomly
generated seed.
We are now ready to verify some data. Let's start with the 4 hashes presented earlier. We will run them through our code to extract the
random salt and then use it to verify the clear text string hashed by slappasswd. First, let's do a verification test with an erroneous
password; this should fail the matching test:
{SSHA}72uhy5xc1AWOLwmNcXALHBSzp8xt4giL Test123
Hash extracted (in hex): ef6ba1cb9c5cd4058e2f098d71700b1c14b3a7cc
Salt extracted (in hex): 6de2088b
Hash length is: 20 Salt length is: 4
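The verification steps above, written out as an added Perl example that uses only the core modules Digest::SHA and MIME::Base64; it is not code from Crypt::SaltedHash. The helper names split_ssha, equal_ct and verify_ssha, the fixed salt and the password 'correct horse' are constructed for illustration, and the split point is byte offset 20 because that is the hash length reported in the sample output above.

```perl
use strict;
use warnings;
use Digest::SHA  qw(sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

my $HASH_LEN = 20;    # SHA-1 digest size in bytes

# Split "{SSHA}<base64>" into (pwhash, salt); empty list on malformed input.
sub split_ssha {
    my ($stored) = @_;
    return unless $stored =~ m/\A\{SSHA\}([A-Za-z0-9+\/]+={0,2})\z/;
    my $raw = decode_base64($1);
    return unless length($raw) > $HASH_LEN;    # no salt bytes present: reject
    return ( substr( $raw, 0, $HASH_LEN ), substr( $raw, $HASH_LEN ) );
}

# Byte-by-byte comparison that does not stop at the first mismatch.
sub equal_ct {
    my ( $x, $y ) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord( substr( $x, $_, 1 ) ) ^ ord( substr( $y, $_, 1 ) )
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Salt the candidate with the extracted salt, hash it, compare with pwhash.
# Assumes $candidate is already a byte string (encode UTF-8 text first).
sub verify_ssha {
    my ( $stored, $candidate ) = @_;
    my ( $pwhash, $salt ) = split_ssha($stored) or return 0;
    return equal_ct( sha1( $candidate . $salt ), $pwhash );
}

# Sample value from the text above: show how it splits.
my ( $h, $s ) = split_ssha('{SSHA}72uhy5xc1AWOLwmNcXALHBSzp8xt4giL');
printf "hash=%s (%d bytes) salt=%s (%d bytes)\n",
    unpack( 'H*', $h ), length($h), unpack( 'H*', $s ), length($s);

# Constructed round trip: fixed 4-byte salt and a made-up password.
my $salt   = pack( 'H*', '0badc0de' );
my $stored = '{SSHA}' . encode_base64( sha1( 'correct horse' . $salt ) . $salt, '' );
printf "%-14s => %s\n", $_, verify_ssha( $stored, $_ ) ? 'match' : 'no match'
    for 'correct horse', 'Test123';

# A digest too short to contain a salt is rejected before any hashing.
printf "%-14s => %s\n", 'truncated',
    verify_ssha( '{SSHA}72uhy5xc', 'Test123' ) ? 'match' : 'no match';
```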