[jdev] How to build "response" in sasl digest MD5

IRcapmail ircapmail at yahoo.es
Thu Feb 18 19:10:08 CST 2010 

Hello again, I have another problem.

In the step 2:
2. Compute the 16 octet MD5 hash of X. Call the result Y.
%Y = $md5(%X)

sometimes the md5 result includes some "00". For example:

borrame:jabber.dk:hola

its MD5 is:

8ec8d3570700b4f2722604385d3eb79a

When converting to ASCii, I can't convert "00" because it's no 
representable almost in mIRC scripting, that returns a null value for 
ascii 0.

Then the result is a 15 character string instead 16.

How I can resolve this, the 00 hex can be replaced by other value?
Thanks for you patience.




IRcapmail escribió:
> %Y = $hex2chr($md5(%X))
> 
> returns:  …CV
> 
> Can you tell the correct valour for testuser456:jabber.org:pass456 to 
> compare ?
> 
> 
> 
> Norman Rasmussen escribió:
>> On Thu, Feb 18, 2010 at 2:37 PM, IRcapmail <ircapmail at yahoo.es> wrote:
>>
>>> Thank you, Waqas.
>>>
>>> I have fixed step 3, but I don't know how to compute the 16 octect in 
>>> step
>>> 2. The $md5(X) always returns 32 characters. I have tried to get the 
>>> first
>>> 16 and last 16 characters, but the response is wrong.
>>>
>>
>>  it sounds like this is returning md5hex, and not the raw characters.  
>> You
>> need to convert the 32 chars into 16 octects using hex2chr as shown here:
>> http://www.hawkee.mobi/snippet/6505/
>>
>> I don't know if its a limitation of the mIRC's language and its 
>> possible to
>>> create md5 hashes with 16 chars in others more "professional" 
>>> languages, or
>>> I'm doing something wrong.
>>>
>>>
>>> Waqas Hussain escribió:
>>>
>>>> On Thu, Feb 18, 2010 at 4:04 AM, IRcapmail <ircapmail at yahoo.es> wrote:
>>>>
>>>>  2. Compute the 16 octet MD5 hash of X. Call the result Y.
>>>>> %Y = $md5(%X)
>>>>>
>>>>> Result= 85434cc70bb832bc456c27834bfa5d25
>>>>>
>>>>>
>>>>>  This is incorrect. You need 16 octets, but your result is 32 octets.
>>>> Don't
>>>> hex encode in this step.
>>>>
>>>>
>>>>
>>>>> 3. Create a string of the form "Y:nonce:cnonce:authzid". Call this 
>>>>> string
>>>>> A1.
>>>>>
>>>>> %A1 = %Y $+
>>>>>
>>>>> :x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=: 
>>>>>
>>>>> testuser456 at jabber.org/Psi
>>>>>
>>>>> Result=
>>>>>
>>>>> 85434cc70bb832bc456c27834bfa5d25:x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=: 
>>>>>
>>>>> testuser456 at jabber.org/Psi
>>>>>
>>>>>
>>>>>  You are including an authzid here, Psi didn't. When there is no 
>>>>> authzid,
>>>> you
>>>> use:
>>>> A1 = Y:nonce:cnonce
>>>>
>>>> A note about authzid: You must not provide an authzid when it's the 
>>>> same
>>>> as
>>>> the JID you are logging in with. And when provided, it has to be a bare
>>>> JID.
>>>> See the spec:
>>>>
>>>> http://xmpp.org/internet-drafts/draft-ietf-xmpp-3920bis-04.html#sasl-rules-authzid 
>>>>
>>>>
>>>> The rest of your code is correct, and I managed to get the correct 
>>>> result
>>>> with the above two fixes.
>>>>
>>>> -- 
>>>> Waqas Hussain
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------ 
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> JDev mailing list
>>>> Forum: http://www.jabberforum.org/forumdisplay.php?f=20
>>>> Info: http://mail.jabber.org/mailman/listinfo/jdev
>>>> Unsubscribe: JDev-unsubscribe at jabber.org
>>>> _______________________________________________
>>>>
>>> _______________________________________________
>>> JDev mailing list
>>> Forum: http://www.jabberforum.org/forumdisplay.php?f=20
>>> Info: http://mail.jabber.org/mailman/listinfo/jdev
>>> Unsubscribe: JDev-unsubscribe at jabber.org
>>> _______________________________________________
>>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> JDev mailing list
>> Forum: http://www.jabberforum.org/forumdisplay.php?f=20
>> Info: http://mail.jabber.org/mailman/listinfo/jdev
>> Unsubscribe: JDev-unsubscribe at jabber.org
>> _______________________________________________
> 
> _______________________________________________
> JDev mailing list
> Forum: http://www.jabberforum.org/forumdisplay.php?f=20
> Info: http://mail.jabber.org/mailman/listinfo/jdev
> Unsubscribe: JDev-unsubscribe at jabber.org
> _______________________________________________
>

More information about the JDev mailing list