[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing

Dave Cridland dave at cridland.net
Tue Nov 3 12:13:09 CST 2009

On Tue Nov  3 15:58:34 2009, Simon Josefsson wrote:
> So hopefully it is Just A Small Matter of, err, reordering the  
> fields
> and things will work.  Hopefully.

Nope - my implementation and the specification have obviously drifted  

I think I've now brought my implementation into line, though, and it  
still fails to work.

The portion I'm finding hardest to test is my Hi() function. I have,  
for example:

Hi( 'pencil', '$\x93<\xdeM\x0e\xa42\xdf:\x86\x19', 4096 ) =>  

That's with a base64 encoded salt of JJM83k0OpDLfOoYZ, and producing  
a base64 encoded SaltedPassword of Hgth2bY+imlOOJjIY62FaXMDIj0= if  
this helps.

Otherwise, everything seems to be straightforward (admittedly there  
are lots of changes I'd not noticed, so it's possible I'm missing  

But the StoredKey I have is  
'.G{\xb7\x06gY\xf0\xe3\x9b@/\x1b5\x0b^e\xf8\x0e\x89', and given the  
AuthMessage of  
that provides a ClientSignature of  

I've checked those thoroughly against the spec, and I can't *see*  
anything obviously wrong.

Any ideas?

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

More information about the JDev mailing list