[JDEV] 0k authentication + java

Robert Cadena robert at alphavirtual.com
Mon Nov 5 16:19:40 CST 2001 

i've been looking through the archives for the answer to my problems with
sha authentication and hashing using java but can't find it.  i saw a few
posts regarding this topic so i would like to know if anyone has found the
answers.

i'm trying to do java and 0k authentication.  i have tried to follow the
specs but i'm not entirely sure i'm doing it the right way.  here are my
questions:

    1. the token the server sends me...it looks like a hex sequence.  should
i hash the string or convert the sequence into a byte sequence then hash
that?
    2. the simple authentication says something like: take the id and concat
it to the password, then hash.  for the 0k authentication it says use
"passwordHash+token"  so, is this the correct sequence to contact the
strings? and
    3. should i convert the password hash into a string representation of a
byte sequence, concat that to the token and hash that string? or should i
hash the passwordHash byte sequence plus the token sequence.
    4. and should each subsequent hash be converted to string rep then
rehashed or just hash on the bytes returned from the previous hash?

i've tried all the possible combinations i've listed above, none of them
have worked, so i'm obviously doing something extremely wrong: so my next
question is for those familiar with the java messagedigest obj:
    * could you tell me if updating the message digest adds the byte
sequence to the end of the previous digest or do i need to use
System.arraycopy to create a new password+hash sequence, update the message
digest with that and rehash?


i looked at the message with the c snippet for hashing but i couldn't
translate it to java because i'm not sure what the sha_hash function params
are.
*any* help is appreciated

here are some references:
    Previous Java 0K question -
http://mailman.jabber.org/pipermail/jdev/2001-August/007970.html
    Simple Client Auth -
http://docs.jabber.org/proto/html/jabber:iq:auth.html
    0k Auth Draft - http://docs.jabber.org/draft-proto/html/zerok.html

thanks!

/r

More information about the JDev mailing list