[jdev] How to build "response" in sasl digest MD5

Waqas Hussain waqas20 at gmail.com
Thu Feb 18 03:20:53 CST 2010


On Thu, Feb 18, 2010 at 4:04 AM, IRcapmail <ircapmail at yahoo.es> wrote:

>
> 2. Compute the 16 octet MD5 hash of X. Call the result Y.
>
> %Y = $md5(%X)
>
> Result= 85434cc70bb832bc456c27834bfa5d25
>
>
This is incorrect. You need 16 octets, but your result is 32 octets. Don't
hex encode in this step.


>
>
> 3. Create a string of the form "Y:nonce:cnonce:authzid". Call this string
> A1.
>
> %A1 = %Y $+
> :x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:
> testuser456 at jabber.org/Psi
>
> Result=
> 85434cc70bb832bc456c27834bfa5d25:x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:
> testuser456 at jabber.org/Psi
>
>
You are including an authzid here, Psi didn't. When there is no authzid, you
use:
A1 = Y:nonce:cnonce

A note about authzid: You must not provide an authzid when it's the same as
the JID you are logging in with. And when provided, it has to be a bare JID.
See the spec:
http://xmpp.org/internet-drafts/draft-ietf-xmpp-3920bis-04.html#sasl-rules-authzid

The rest of your code is correct, and I managed to get the correct result
with the above two fixes.

--
Waqas Hussain
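
An added example, not part of the original message: the two fixes above in Python, with Y kept as 16 raw octets and the authzid appended to A1 only when one is supplied. The function name and the `hex_y` switch are made up for illustration, the formulas for A2 and the final response follow RFC 2831, and the sample values are the IMAP example from RFC 2831 section 4 rather than the credentials in this thread.

```python
import hashlib

def md5_raw(data: bytes) -> bytes:
    """16-octet binary MD5 digest."""
    return hashlib.md5(data).digest()

def md5_hex(data: bytes) -> bytes:
    """32-character lowercase hex MD5 digest, as ASCII bytes."""
    return hashlib.md5(data).hexdigest().encode("ascii")

def digest_md5_response(username, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth", authzid=None, hex_y=False):
    """Compute the DIGEST-MD5 'response' value for qop=auth (ASCII inputs assumed).

    hex_y=True reproduces the mistake discussed in the thread (hex-encoding Y)
    so the two results can be compared; it is not a valid mode.
    """
    x = f"{username}:{realm}:{password}".encode("utf-8")
    # Step 2: Y must be the 16 raw octets, not the 32-character hex string.
    y = md5_hex(x) if hex_y else md5_raw(x)
    # Step 3: A1 = Y:nonce:cnonce, with ":authzid" appended only if present.
    a1 = y + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid is not None:
        a1 += b":" + authzid.encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    # Hex encoding is applied only from here on: HEX(H(A1)) and HEX(H(A2)).
    kd = b":".join([md5_hex(a1), nonce.encode(), nc.encode(),
                    cnonce.encode(), qop.encode(), md5_hex(a2)])
    return md5_hex(kd).decode("ascii")

# Sample input: the IMAP exchange from RFC 2831 section 4.
RFC_PARAMS = dict(username="chris", realm="elwood.innosoft.com",
                  password="secret", nonce="OA6MG9tEQGm2hh",
                  cnonce="OA6MHXh6VqTrRk", digest_uri="imap/elwood.innosoft.com")

if __name__ == "__main__":
    print("raw Y, no authzid :", digest_md5_response(**RFC_PARAMS))
    print("hex Y (wrong)     :", digest_md5_response(**RFC_PARAMS, hex_y=True))
    # Constructed authzid, only to show that it changes A1 and the response.
    print("with authzid      :",
          digest_md5_response(**RFC_PARAMS, authzid="chris@elwood.innosoft.com"))
```
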