[JDEV] 0K Authentication

Chris Chen ckchris at idream.net
Wed Oct 10 21:18:12 CDT 2001


Hi...

I just released a new version of Muse Jabber API.  Hopefully some of you 
are willing to try and test it for me.. This new release boasts support for 
XML-RPC and JabberRPC, jabber:iq:time, jabber:iq:version, jabber:iq:last, 
jabber:x:delay, jabber:x:roster, jabber:x:event, and jabber:x:expire.

http://www.echomine.org/projects/muse/

Aside from my shameless plug for my API, I do have an issue regarding the 
0K authentication implementation.

I've been trying to implement 0k authentication in Java and I have no yet 
gotten it to work.. I followed the docs to the dot (and even strayed away 
from it just to be adventurous and lucky), but the Hash that I'm generating 
still doesn't correspond to the Hash that should be sent to the server.

I'm rather confused... Not only that, the 0k authentication draft document 
doesn't specify exactly what the payload looks like to set/reset the 0k 
authentication.

Here's a snippet of my algorithm code that generates the the hash.. any 
help is appreciated..

     protected String getZeroKnowledgePassword(JabberContext context, 
String zerokToken, int zerokSeq) {
         //cache hash so no need to go through calculation again
         if (hash != null) return hash;
         //instantiate a SHA1 hash
         try {
             MessageDigest md = MessageDigest.getInstance("SHA");
             //hash password first
             md.update(context.getPassword().getBytes());
             byte[] hashA = md.digest();
             //now hash hashA + zerokToken
             md.reset();
             md.update(HexDec.convertBytesToHexString(hashA).toLowerCase().getBytes());
             md.update(zerokToken.getBytes());
             byte[] hash0 = md.digest();
             byte[] hashSeq = new byte[hash0.length];
             System.arraycopy(hash0, 0, hashSeq, 0, hash0.length);
             for (int i = 0; i < (zerokSeq - 1); i++) {
                 md.reset();
                 //just start hashing
                 hashSeq = md.digest(hashSeq);
             }
             //convert to hex representation
             hash = HexDec.convertBytesToHexString(hashSeq);
         } catch (NoSuchAlgorithmException ex) {
             return "";
         }
         return hash;
     }


Thanks,
Chris

PGP at ldap://certserver.pgp.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20011010/0a57126f/attachment-0002.htm>


More information about the JDev mailing list