[JDEV] Zerok Authentication

Antoine Maitre antoine_maitre at yahoo.com
Wed Dec 19 13:13:48 CST 2001 

Hi Iain,

your explanation is not confusing at all. I haven't
tried it yet, but this must be the problem because I
don't do the conversion, I just hash it as it is. 

Thanks a lot,

Antoine 

--- Iain Shigeoka <iainshigeoka at yahoo.com> wrote:
> On 12/18/01 2:44 AM, "Antoine Maitre"
> <antoine_maitre at yahoo.com> wrote:
> 
> > I'm trying to implement zerok authentication for
> my client.  I use the method
> 
> > described in the document
> (http://docs.jabber.org/draft-proto/html/zerok.html)
> 
> > but it doesn't work. I checked the the XML files
> in the spool folder on the 
> > Jabber server and the hash provided there doesn't
> match. Can anyone tell me 
> > what I'm doing wrong.
> 
> Your protocol packets look good.  I'd guess that
> you're not carrying out the 0k
> auth algorithms correctly.  The document you refer
> to is not very clear on the
> implementation of the 0k computation.  For example,
> each hash(n) that you
> create must be converted to a lower case hexadecimal
> string representation
> which is then used as input for the next
> hash(n+1)... This can be confusing
> because the real hash is a set bits and not the
> hexadecimal string
> representation (and it must lowercase).
> 
> I hope this isn't confusing rather than helping... 
> Arrgh.  Let me run through
> the algorithm
> 
> sha1 digest(password + toke) => hash0' ->>>
> lowercase hex rep ->>> hash0
> sha1 digest(hash0) => hash1' ->>> lowercase hex rep
> ->>> hash1
> sha1 digest(hash1) => hash2' ->>> lowercase hex rep
> ->>> hash2
> Etc...
> 
> The doc doesn't explain the "->>> l.h.r. ->>>" step
> and from a normal
> cryptography standpoint you'd never think to do
> that...  :)
> 
> -iain
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Check out Yahoo! Shopping and Yahoo! Auctions for
> all of
> your unique holiday gifts! Buy at
> http://shopping.yahoo.com
> or bid at http://auctions.yahoo.com
> _______________________________________________
> jdev mailing list
> jdev at jabber.org
> http://mailman.jabber.org/listinfo/jdev


__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com

More information about the JDev mailing list