

Sample C# code to create SHA1 Salted (SSHA) password hashes for OpenLDAP

 This posting is provided "AS IS" with no warranties, and confers no rights. 
 Use of included script samples is subject to the terms specified at https://www.microsoft.com/info/cpyright.htm 
  

Since SSHA (salted SHA-1) is now the scheme most commonly used to store password hashes in OpenLDAP, those who need to create accounts on that system from .NET (e.g., from Forefront Identity Manager, FIM) may find this sample useful.

 

  
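       /// <summary>
       /// Builds an OpenLDAP-style <c>{SSHA}</c> password value:
       /// <c>"{SSHA}" + Base64( SHA1(password || salt) || salt )</c>, using a fresh random 4-byte salt.
       /// </summary>
       /// <param name="plainTextString">The clear-text password to hash.</param>
       /// <returns>The scheme prefix followed by the Base64 of the digest with the salt appended.</returns>
       /// <exception cref="ArgumentNullException"><paramref name="plainTextString"/> is null.</exception>
       /// <remarks>
       /// SSHA is a single round of salted SHA-1. It is fast to compute, so a leaked hash is cheap to
       /// guess against offline. Where the directory supports a deliberately slow scheme (for example a
       /// PBKDF2 or Argon2 password module), prefer that for new deployments and treat SSHA as a
       /// compatibility format.
       /// </remarks>
       public static string GenerateSaltedSHA1(string plainTextString)
       {
           if (plainTextString == null)
           {
               throw new ArgumentNullException("plainTextString");
           }

           var saltBytes = GenerateSalt(4);

           // UTF-8 instead of ASCII: Encoding.ASCII replaces every non-ASCII character with '?',
           // so different passwords would collapse to the same hash. ASCII-only passwords produce
           // the same bytes under either encoding.
           // NOTE(review): assumes clients present the password to the directory as UTF-8. Confirm for your deployment.
           var plainTextBytes = Encoding.UTF8.GetBytes(plainTextString);
           var plainTextWithSaltBytes = AppendByteArray(plainTextBytes, saltBytes);

           byte[] saltedSHA1Bytes;
           // SHA1.Create() replaces the direct SHA1Managed constructor; the using block disposes the instance.
           using (HashAlgorithm algorithm = SHA1.Create())
           {
               saltedSHA1Bytes = algorithm.ComputeHash(plainTextWithSaltBytes);
           }

           // The salt is stored in the clear after the digest so that a verifier can recompute the hash.
           // The original sample called an undefined AppendByteArrays here; the helper is AppendByteArray.
           var saltedSHA1WithAppendedSaltBytes = AppendByteArray(saltedSHA1Bytes, saltBytes);

           return "{SSHA}" + Convert.ToBase64String(saltedSHA1WithAppendedSaltBytes);
       }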

        
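       /// <summary>
       /// Returns <paramref name="saltSize"/> bytes drawn from a cryptographic random number generator.
       /// </summary>
       /// <param name="saltSize">Number of salt bytes to produce.</param>
       /// <returns>A newly allocated array of random bytes.</returns>
       private static byte[] GenerateSalt(int saltSize)
       {
           var salt = new byte[saltSize];

           // The generator is disposable; the original never released it.
           // RandomNumberGenerator.Create() returns the platform's default cryptographic RNG.
           using (var rng = RandomNumberGenerator.Create())
           {
               rng.GetBytes(salt);
           }

           return salt;
       }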
  /// <summary>
  /// Concatenates two byte arrays into a new array: all of <paramref name="byteArray1"/>
  /// followed by all of <paramref name="byteArray2"/>. Neither input is modified.
  /// </summary>
  /// <param name="byteArray1">Bytes placed at the start of the result.</param>
  /// <param name="byteArray2">Bytes placed immediately after <paramref name="byteArray1"/>.</param>
  /// <returns>A new array whose length is the sum of the two input lengths.</returns>
  private static byte[] AppendByteArray(byte[] byteArray1, byte[] byteArray2)
  {
      int headLength = byteArray1.Length;
      int tailLength = byteArray2.Length;
      var combined = new byte[headLength + tailLength];

      Array.Copy(byteArray1, 0, combined, 0, headLength);
      Array.Copy(byteArray2, 0, combined, headLength, tailLength);

      return combined;
  }
  
  

References

 How To: Hash Data with Salt (C#/VB.NET)  
  What are {SHA} and {SSHA} passwords and how do I generate them? (from OpenLDAP documentation)