Migrating password LDAP SSHA hash to new one

ssha-to-new.js

var readline = require('readline');
var crypto = require('crypto');
var kdf2 = require('pbkdf2-password');
var hasher = kdf2({digest: 'sha256', iterations: 1000, keyLength: 64});

var r = readline.createInterface({
	input: process.stdin,
	output: process.stdout
});

r.prompt();

r.on('line', function(line) {
	var buf = new Buffer(line.substring(6), 'base64');
	var old_hash = buf.slice(0, 20);
	var old_salt = buf.slice(20, 24);
	crypto.randomBytes(60, function(err, tmp_salt) {
		if(err) throw err;
		var new_salt = Buffer.concat([old_salt, tmp_salt]);
		old_salt.copy(new_salt, 0, 4);
		hasher({password: old_hash.toString('base64'), salt: new_salt.toString('base64')}, function(err, pass, salt, new_hash) {
			if(err) throw err;
			console.log('new hash : ' + new_hash.toString('base64') + ', new salt : ' + new_salt.toString('base64'));
		});
	});
});

test-new.js

var readline = require('readline');
var crypto = require('crypto');
var kdf2 = require('pbkdf2-password');
var hasher = kdf2({digest: 'sha256', iterations: 1000, keyLength: 64});

var r = readline.createInterface({
	input: process.stdin,
	output: process.stdout
});

r.prompt();

r.on('line', function(line) {
	var data = line.split('\\\\');
	var new_salt = new Buffer(data[1], 'base64');
	var old_salt = new_salt.slice(0, 4);
	var tmp_hash = crypto.createHash('sha1').update(Buffer.concat([new Buffer(data[0]), old_salt])).digest('base64');
	hasher({password: tmp_hash, salt: new_salt.toString('base64')}, function(err, pass, salt, result) {
		if(err) throw err;
		console.log(result);
	});
});

test-new.php

<?php
$lines = file_get_contents('php://stdin');
foreach(explode("\n", $lines) as $line)
{
	if(!$data = trim($line)) break;
	$data = explode("\\\\", $data);
	$data[1] = base64_decode($data[1]);
	$old_salt = substr($data[1], 0, 4);
	echo base64_encode(hash_pbkdf2('sha256', base64_encode(sha1($data[0].$old_salt, true)), $data[1], 1000, 64, true)) . PHP_EOL;
}
?>