[JDEV] Zerok Authentication
antoine_maitre at yahoo.com
Wed Dec 19 13:13:48 CST 2001
your explanation is not confusing at all. I haven't
tried it yet, but this must be the problem because I
don't do the conversion, I just hash it as it is.
Thanks a lot,
--- Iain Shigeoka <iainshigeoka at yahoo.com> wrote:
> On 12/18/01 2:44 AM, "Antoine Maitre"
> <antoine_maitre at yahoo.com> wrote:
> > I'm trying to implement zerok authentication for
> my client. I use the method
> > described in the document
> > but it doesn't work. I checked the the XML files
> in the spool folder on the
> > Jabber server and the hash provided there doesn't
> match. Can anyone tell me
> > what I'm doing wrong.
> Your protocol packets look good. I'd guess that
> you're not carrying out the 0k
> auth algorithms correctly. The document you refer
> to is not very clear on the
> implementation of the 0k computation. For example,
> each hash(n) that you
> create must be converted to a lower case hexadecimal
> string representation
> which is then used as input for the next
> hash(n+1)... This can be confusing
> because the real hash is a set bits and not the
> hexadecimal string
> representation (and it must lowercase).
> I hope this isn't confusing rather than helping...
> Arrgh. Let me run through
> the algorithm
> sha1 digest(password + toke) => hash0' ->>>
> lowercase hex rep ->>> hash0
> sha1 digest(hash0) => hash1' ->>> lowercase hex rep
> ->>> hash1
> sha1 digest(hash1) => hash2' ->>> lowercase hex rep
> ->>> hash2
> The doc doesn't explain the "->>> l.h.r. ->>>" step
> and from a normal
> cryptography standpoint you'd never think to do
> that... :)
> Do You Yahoo!?
> Check out Yahoo! Shopping and Yahoo! Auctions for
> all of
> your unique holiday gifts! Buy at
> or bid at http://auctions.yahoo.com
> jdev mailing list
> jdev at jabber.org
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com
More information about the JDev