[JDEV] Zerok Authentication
Al Sutton
al at alsutton.com
Thu Aug 9 14:40:28 CDT 2001
Heres the code from the Java Jabber server that agrees with the zerok
digests generated by a number of clients. sessionId ad correctPassword are
both Strings;
MessageDigest sha;
try
{
sha = MessageDigest.getInstance("SHA");
}
catch( NoSuchAlgorithmException e )
{
throw new RuntimeException( "Unable to handle digest passwords" );
}
String stringToHash = sessionId + correctPassword;
byte[] bytesToHash = stringToHash.getBytes();
byte[] hashedBytes = sha.digest( bytesToHash );
StringBuffer shaValueBuffer = new StringBuffer( 40 );
for( int i = 0 ; i < 20 ; i++ )
{
int value = (int) (hashedBytes[i] & 0xff);
String hexValue = Integer.toHexString( value );
if( value < 16 )
shaValueBuffer.append( "0" );
shaValueBuffer.append( hexValue );
}
String shaValue = shaValueBuffer.toString();
Hope it's useful.
A.
At 11:54 09/08/2001 -0700, you wrote:
>Did anyone write a client that is using zerok authentication?? I have
>tried to do it in Java, but somehow it's just not working... Here's my
>code for creating zerok.. can anyone tell me if I am implementing the
>algorithm correctly?
>
> //cache digest so no need to go through calculation again
> if (hash != null) return hash;
> //instantiate a SHA1 hash
> try {
> MessageDigest md = MessageDigest.getInstance("SHA");
> //hash password first
> md.update(context.getPassword().getBytes());
> byte[] hashA = md.digest();
> //now hash hashA + zerokToken
> md.reset();
> md.update(hashA);
> md.update(zerokToken.getBytes());
> byte[] hash0 = md.digest();
> byte[] hashSeq = new byte[hash0.length];
> System.arraycopy(hash0, 0, hashSeq, 0, hash0.length);
> //now loop the number of times specified by (zerokToken - 1)
> for (int i = 0;i < (zerokSeq - 1);i++) {
> md.reset();
> //just start hashing
> hashSeq = md.digest(hashSeq);
> }
> //convert to hex representation
> hash = HexDec.convertBytesToHexString(hashSeq);
> } catch (NoSuchAlgorithmException ex) {
> //no algorithm, just return null
> return "";
> }
> return hash;
>
>
>Thanks,
>Chris
>
>
>PGP at ldap://certserver.pgp.com/
>
>_______________________________________________
>jdev mailing list
>jdev at jabber.org
>http://mailman.jabber.org/listinfo/jdev
--
Al Sutton
Email/Jabber: al at alsutton.com
Web: http://www.alsutton.com/
More information about the JDev
mailing list