>
> Two questions about the random challenge string that the server
> sends (after the client sends "login -<crypt> -<username>"):
Looking at the perl code, there is no '-' before the username.
>
> 1) It is *not* encrypted, correct? So basically the client just
> reads from the socket, md5()'s it, encrypts and writes it back.
>
Correct. The challenge is not encrypted. Also, perl's md5
function apparently returns a binary string, while PHP returns
hex -- so you need do:
$hash = pack ("H*", md5($challenge));
> 2) Is it a random length too? I ask because I'm testing my class
> and I always seem to get strings of different lengths ... although
> at one point I thought I was getting strings of a fixed length.
As far as I can tell, the challenges are variable length. I have
noticed that at least some PHP functions choke when there's a NUL byte
in a string, so I'm not entirely sure.
-mike
>
> __________________________________________________________________
> Colin Viebrock easyDNS Technologies
> Co-Founder control your domain
> http://www.easyDNS.com
>
>
> _______________________________________________
> opensrs-php-devel mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/mailman/listinfo/opensrs-php-devel
>
--
"Modern electronic-rock music, inaugurated in the early 1960s, is, and
always has been, a joint enterprise of British military intelligence
and Satanic cults."
-- "The Satanic Roots of Rock"
http://www.av1611.org/othpubls/roots.html
GnuPG key available at http://devel.duluoz.net/pubkey.asc
Key ID = 1024D/9A256AE5 1999-11-13 Mike Glover <[EMAIL PROTECTED]>
Key fingerprint = EF6E 8BCB 4810 E98C F0FD 4596 367A 32B7 9A25 6AE5
