[jdev] Seeking jabber implementers for SCRAM-SHA-1 testing

Simon Josefsson simon at josefsson.org
Wed Nov 4 08:46:53 CST 2009

Dave Cridland <dave at cridland.net> writes:

> On Tue Nov  3 15:58:34 2009, Simon Josefsson wrote:
>> So hopefully it is Just A Small Matter of, err, reordering the fields
>> and things will work.  Hopefully.
> Nope - my implementation and the specification have obviously drifted
> considerably.
> I think I've now brought my implementation into line, though, and it
> still fails to work.
> The portion I'm finding hardest to test is my Hi() function. I have,
> for example:
> Hi( 'pencil', '$\x93<\xdeM\x0e\xa42\xdf:\x86\x19', 4096 ) =>
> \x1e\x0ba\xd9\xb6>\x8aiN8\x98\xc8c\xad\x85is\x03"='
> That's with a base64 encoded salt of JJM83k0OpDLfOoYZ

That seems wrong, check your PBKDF2 implementation.  I have created a
small test tool (see below) to print pbkdf2 outputs, and with those
inputs I get the following output:

6c 30 ac 3f 42 98 52 b2 14 2e 1f d2 c6 be cb de 36 4a ff 8d 

This is with a PBKDF2 implementation that is used in both GNU Shishi
for Kerberos V5 and GnuTLS for X.509 (and GNU SASL for SCRAM but that
proves nothing) so I feel fairly confident that it is correct.  I could
have made an error in my test tool though.

However I cannot find any test vectors for PBKDF2 which seems bad, I'll
see if I can put together a document on that.

Here is how to use my tool:

jas at mocca:~$ git clone git://git.josefsson.org/git/pbkdf2.git
jas at mocca:~$ cd pbkdf2/
jas at mocca:~/pbkdf2 master$ autoreconf -i
jas at mocca:~/pbkdf2 master$ ./configure
jas at mocca:~/pbkdf2 master$ make
jas at mocca:~/pbkdf2 master$ ./pbkdf2 
4b 00 79 01 b7 65 48 9a be ad 49 d9 26 f7 21 d0 65 a4 29 c1 
4b 00 79 01 b7 65 48 9a be ad 49 d9 26 f7 21 d0 65 a4 29 c1 
4b 00 79 01 b7 65 48 9a be ad 49 d9 26 f7 21 d0 65 a4 29 c1 
jas at mocca:~/pbkdf2 master$ 

See pbkdf2.c for changing the password/salt values.
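
Added example, not part of the original message and not the pbkdf2 tool it mentions: SCRAM's Hi() as defined in RFC 5802 (PBKDF2 with HMAC-SHA-1 and a single 20-byte output block), written out by hand in Python. It checks itself against the RFC 6070 PBKDF2 vector for "password"/"salt"/4096, whose value is the same 20 bytes the tool prints above, and then compares the two Hi() outputs quoted in the thread. The names hi, hexs, self_check and compare_claims belong to this example only.

```python
import base64
import hashlib
import hmac

def hi(password: bytes, salt: bytes, iterations: int) -> bytes:
    """SCRAM Hi() per RFC 5802: PBKDF2-HMAC-SHA-1 with dkLen = 20 (one block)."""
    # U1 = HMAC(password, salt || INT(1)); INT(1) is the 4-byte big-endian block index.
    u = hmac.new(password, salt + b"\x00\x00\x00\x01", hashlib.sha1).digest()
    acc = int.from_bytes(u, "big")
    # U2..Ui: each round is the HMAC of the previous round, XORed into the result.
    for _ in range(iterations - 1):
        u = hmac.new(password, u, hashlib.sha1).digest()
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(20, "big")

def hexs(data: bytes) -> str:
    """Format bytes as space-separated lowercase hex pairs."""
    return " ".join(f"{b:02x}" for b in data)

# RFC 6070 vector: P = "password", S = "salt", c = 4096, dkLen = 20.
RFC6070_C4096 = "4b 00 79 01 b7 65 48 9a be ad 49 d9 26 f7 21 d0 65 a4 29 c1"

# Inputs and claimed outputs exactly as quoted in the thread.
SALT = base64.b64decode("JJM83k0OpDLfOoYZ")
CLAIMS = {
    "Dave": b'\x1e\x0ba\xd9\xb6>\x8aiN8\x98\xc8c\xad\x85is\x03"=',
    "Simon": bytes.fromhex("6c30ac3f429852b2142e1fd2c6becbde364aff8d"),
}

def self_check() -> bool:
    """Validate hi() against a published vector and against hashlib's PBKDF2."""
    ok_vector = hexs(hi(b"password", b"salt", 4096)) == RFC6070_C4096
    ok_stdlib = hi(b"pencil", SALT, 4096) == hashlib.pbkdf2_hmac(
        "sha1", b"pencil", SALT, 4096, 20)
    return ok_vector and ok_stdlib

def compare_claims() -> dict:
    """Report which quoted Hi('pencil', salt, 4096) value matches the computation."""
    got = hi(b"pencil", SALT, 4096)
    return {name: hmac.compare_digest(got, value) for name, value in CLAIMS.items()}

if __name__ == "__main__":
    print("self-check passed:", self_check())
    print("computed:", hexs(hi(b"pencil", SALT, 4096)))
    for name, matches in compare_claims().items():
        print(f"{name}'s value matches: {matches}")
```

Common sources of a mismatch in a hand-written Hi() are omitting the INT(1) block index on the first round or passing the base64 text of the salt instead of the decoded bytes.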

