[JDEV] Zerok Authentication

Al Sutton al at alsutton.com
Thu Aug 9 14:40:28 CDT 2001


Heres the code from the Java Jabber server that agrees with the zerok 
digests generated by a number of clients. sessionId ad correctPassword are 
both Strings;

     MessageDigest sha;
     try
     {
       sha = MessageDigest.getInstance("SHA");
     }
     catch( NoSuchAlgorithmException e )
     {
       throw new RuntimeException( "Unable to handle digest passwords" );
     }

     String stringToHash = sessionId + correctPassword;
     byte[] bytesToHash = stringToHash.getBytes();
     byte[] hashedBytes = sha.digest( bytesToHash );

     StringBuffer shaValueBuffer = new StringBuffer( 40 );
     for( int i = 0 ; i < 20 ; i++ )
     {
       int value = (int) (hashedBytes[i] & 0xff);
       String hexValue = Integer.toHexString( value );
       if( value < 16 )
         shaValueBuffer.append( "0" );
       shaValueBuffer.append( hexValue );
     }

     String shaValue = shaValueBuffer.toString();


Hope it's useful.

A.


At 11:54 09/08/2001 -0700, you wrote:
>Did anyone write a client that is using zerok authentication?? I have 
>tried to do it in Java, but somehow it's just not working... Here's my 
>code for creating zerok.. can anyone tell me if I am implementing the 
>algorithm correctly?
>
>         //cache digest so no need to go through calculation again
>         if (hash != null) return hash;
>         //instantiate a SHA1 hash
>         try {
>             MessageDigest md = MessageDigest.getInstance("SHA");
>             //hash password first
>             md.update(context.getPassword().getBytes());
>             byte[] hashA = md.digest();
>           //now hash hashA + zerokToken
>             md.reset();
>             md.update(hashA);
>             md.update(zerokToken.getBytes());
>           byte[] hash0 = md.digest();
>             byte[] hashSeq = new byte[hash0.length];
>             System.arraycopy(hash0, 0, hashSeq, 0, hash0.length);
>             //now loop the number of times specified by (zerokToken - 1)
>             for (int i = 0;i < (zerokSeq - 1);i++) {
>                     md.reset();
>                 //just start hashing
>                         hashSeq = md.digest(hashSeq);
>             }
>             //convert to hex representation
>             hash = HexDec.convertBytesToHexString(hashSeq);
>         } catch (NoSuchAlgorithmException ex) {
>             //no algorithm, just return null
>             return "";
>         }
>         return hash;
>
>
>Thanks,
>Chris
>
>
>PGP at ldap://certserver.pgp.com/
>
>_______________________________________________
>jdev mailing list
>jdev at jabber.org
>http://mailman.jabber.org/listinfo/jdev

-- 
Al Sutton
Email/Jabber: al at alsutton.com
Web: http://www.alsutton.com/




More information about the JDev mailing list