[JDEV] Zerok Authentication

Chris Chen ckchris at idream.net
Thu Aug 9 15:50:22 CDT 2001 

Hmm.. this seems to be the code for Digest only, not Zerok..   I have this 
implemented already, but thanks for letting me know though.. I appreciate 
your efforts...  Maybe you have something else that does show you the Zerok 
side that you can possibly share with me...

Thanks,
Chris

At 12:40 PM 8/9/2001, you wrote:
>Heres the code from the Java Jabber server that agrees with the zerok 
>digests generated by a number of clients. sessionId ad correctPassword are 
>both Strings;
>
>     MessageDigest sha;
>     try
>     {
>       sha = MessageDigest.getInstance("SHA");
>     }
>     catch( NoSuchAlgorithmException e )
>     {
>       throw new RuntimeException( "Unable to handle digest passwords" );
>     }
>
>     String stringToHash = sessionId + correctPassword;
>     byte[] bytesToHash = stringToHash.getBytes();
>     byte[] hashedBytes = sha.digest( bytesToHash );
>
>     StringBuffer shaValueBuffer = new StringBuffer( 40 );
>     for( int i = 0 ; i < 20 ; i++ )
>     {
>       int value = (int) (hashedBytes[i] & 0xff);
>       String hexValue = Integer.toHexString( value );
>       if( value < 16 )
>         shaValueBuffer.append( "0" );
>       shaValueBuffer.append( hexValue );
>     }
>
>     String shaValue = shaValueBuffer.toString();
>
>
>Hope it's useful.
>
>A.
>
>
>At 11:54 09/08/2001 -0700, you wrote:
>>Did anyone write a client that is using zerok authentication?? I have 
>>tried to do it in Java, but somehow it's just not working... Here's my 
>>code for creating zerok.. can anyone tell me if I am implementing the 
>>algorithm correctly?
>>
>>         //cache digest so no need to go through calculation again
>>         if (hash != null) return hash;
>>         //instantiate a SHA1 hash
>>         try {
>>             MessageDigest md = MessageDigest.getInstance("SHA");
>>             //hash password first
>>             md.update(context.getPassword().getBytes());
>>             byte[] hashA = md.digest();
>>           //now hash hashA + zerokToken
>>             md.reset();
>>             md.update(hashA);
>>             md.update(zerokToken.getBytes());
>>           byte[] hash0 = md.digest();
>>             byte[] hashSeq = new byte[hash0.length];
>>             System.arraycopy(hash0, 0, hashSeq, 0, hash0.length);
>>             //now loop the number of times specified by (zerokToken - 1)
>>             for (int i = 0;i < (zerokSeq - 1);i++) {
>>                     md.reset();
>>                 //just start hashing
>>                         hashSeq = md.digest(hashSeq);
>>             }
>>             //convert to hex representation
>>             hash = HexDec.convertBytesToHexString(hashSeq);
>>         } catch (NoSuchAlgorithmException ex) {
>>             //no algorithm, just return null
>>             return "";
>>         }
>>         return hash;
>>
>>
>>Thanks,
>>Chris
>>
>>
>>PGP at ldap://certserver.pgp.com/
>>
>>_______________________________________________
>>jdev mailing list
>>jdev at jabber.org
>>http://mailman.jabber.org/listinfo/jdev
>
>--
>Al Sutton
>Email/Jabber: al at alsutton.com
>Web: http://www.alsutton.com/
>
>_______________________________________________
>jdev mailing list
>jdev at jabber.org
>http://mailman.jabber.org/listinfo/jdev

PGP at ldap://certserver.pgp.com/

More information about the JDev mailing list