[JDEV] Zerok Authentication

Iain Shigeoka iainshigeoka at yahoo.com
Wed Dec 19 11:26:05 CST 2001


On 12/18/01 2:44 AM, "Antoine Maitre" <antoine_maitre at yahoo.com> wrote:

> I'm trying to implement zerok authentication for my client.  I use the method
> described in the document (http://docs.jabber.org/draft-proto/html/zerok.html)
> but it doesn't work. I checked the XML files in the spool folder on the
> Jabber server and the hash provided there doesn't match. Can anyone tell me
> what I'm doing wrong.

Your protocol packets look good.  I'd guess that you're not carrying out the 0k
auth algorithms correctly.  The document you refer to is not very clear on the
implementation of the 0k computation.  For example, each hash(n) that you
create must be converted to a lower case hexadecimal string representation
which is then used as input for the next hash(n+1)... This can be confusing
because the real hash is a set of bits and not the hexadecimal string
representation (and it must be lowercase).

I hope this isn't confusing rather than helping...  Arrgh.  Let me run through
the algorithm:

sha1 digest(password + token) => hash0' ->>> lowercase hex rep ->>> hash0
sha1 digest(hash0) => hash1' ->>> lowercase hex rep ->>> hash1
sha1 digest(hash1) => hash2' ->>> lowercase hex rep ->>> hash2
Etc...

The doc doesn't explain the "->>> l.h.r. ->>>" step and from a normal
cryptography standpoint you'd never think to do that...  :)

-iain
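
Added example (not part of the message above and not Jabber project code): the chain as described in the message, written in Python beside two ways of getting the intermediate step wrong, so a stored hash that does not match can be traced to the chaining variant that produced it. The function names, the `rounds` parameter, the UTF-8 encoding of password + token and the sample values are assumptions.

```python
import hashlib

def sha1_hex(data: bytes) -> str:
    # hexdigest() always returns lowercase hex, which is what the chain needs
    return hashlib.sha1(data).hexdigest()

def zerok_chain(password, token, rounds):
    """Return [hash0, hash1, ..., hash<rounds>] as described in the message."""
    chain = [sha1_hex((password + token).encode("utf-8"))]  # UTF-8: assumption
    for _ in range(rounds):
        # The next input is the 40-character ASCII hex string, not the 20 raw bytes.
        chain.append(sha1_hex(chain[-1].encode("ascii")))
    return chain

def chain_raw_bytes(password, token, rounds):
    """Mistake 1: feed the raw digest bytes into the next round."""
    digest = hashlib.sha1((password + token).encode("utf-8")).digest()
    for _ in range(rounds):
        digest = hashlib.sha1(digest).digest()
    return digest.hex()

def chain_upper_hex(password, token, rounds):
    """Mistake 2: chain through an uppercase hex string."""
    value = sha1_hex((password + token).encode("utf-8")).upper()
    for _ in range(rounds):
        value = sha1_hex(value.encode("ascii")).upper()
    return value.lower()

def diagnose(stored_hash, password, token, rounds):
    """Say which chaining variant reproduces the hash seen on the server."""
    candidates = [
        ("lowercase-hex", zerok_chain(password, token, rounds)[-1]),
        ("raw-bytes", chain_raw_bytes(password, token, rounds)),
        ("uppercase-hex", chain_upper_hex(password, token, rounds)),
    ]
    for name, value in candidates:
        if value == stored_hash.strip().lower():
            return name
    return "no-match"

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    chain = zerok_chain("ab", "c", 3)
    for n, h in enumerate(chain):
        print(f"hash{n} = {h}")
    print(diagnose(chain_raw_bytes("ab", "c", 3), "ab", "c", 3))
```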

