[jdev] How to build "response" in sasl digest MD5

Norman Rasmussen norman at rasmussen.co.za
Thu Feb 18 08:45:38 CST 2010


On Thu, Feb 18, 2010 at 2:37 PM, IRcapmail <ircapmail at yahoo.es> wrote:

> Thank you, Waqas.
>
> I have fixed step 3, but I don't know how to compute the 16 octect in step
> 2. The $md5(X) always returns 32 characters. I have tried to get the first
> 16 and last 16 characters, but the response is wrong.
>

 it sounds like this is returning md5hex, and not the raw characters.  You
need to convert the 32 chars into 16 octects using hex2chr as shown here:
http://www.hawkee.mobi/snippet/6505/

I don't know if its a limitation of the mIRC's language and its possible to
> create md5 hashes with 16 chars in others more "professional" languages, or
> I'm doing something wrong.
>
>
> Waqas Hussain escribió:
>
>> On Thu, Feb 18, 2010 at 4:04 AM, IRcapmail <ircapmail at yahoo.es> wrote:
>>
>>  2. Compute the 16 octet MD5 hash of X. Call the result Y.
>>>
>>> %Y = $md5(%X)
>>>
>>> Result= 85434cc70bb832bc456c27834bfa5d25
>>>
>>>
>>>  This is incorrect. You need 16 octets, but your result is 32 octets.
>> Don't
>> hex encode in this step.
>>
>>
>>
>>> 3. Create a string of the form "Y:nonce:cnonce:authzid". Call this string
>>> A1.
>>>
>>> %A1 = %Y $+
>>>
>>> :x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:
>>> testuser456 at jabber.org/Psi
>>>
>>> Result=
>>>
>>> 85434cc70bb832bc456c27834bfa5d25:x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:
>>> testuser456 at jabber.org/Psi
>>>
>>>
>>>  You are including an authzid here, Psi didn't. When there is no authzid,
>> you
>> use:
>> A1 = Y:nonce:cnonce
>>
>> A note about authzid: You must not provide an authzid when it's the same
>> as
>> the JID you are logging in with. And when provided, it has to be a bare
>> JID.
>> See the spec:
>>
>> http://xmpp.org/internet-drafts/draft-ietf-xmpp-3920bis-04.html#sasl-rules-authzid
>>
>> The rest of your code is correct, and I managed to get the correct result
>> with the above two fixes.
>>
>> --
>> Waqas Hussain
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>>
>> _______________________________________________
>> JDev mailing list
>> Forum: http://www.jabberforum.org/forumdisplay.php?f=20
>> Info: http://mail.jabber.org/mailman/listinfo/jdev
>> Unsubscribe: JDev-unsubscribe at jabber.org
>> _______________________________________________
>>
>
> _______________________________________________
> JDev mailing list
> Forum: http://www.jabberforum.org/forumdisplay.php?f=20
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________
>



-- 
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/jdev/attachments/20100218/7a4818e8/attachment.htm>


More information about the JDev mailing list