I was hoping someone could explain what I'm doing wrong here. I'm confused as to how I should go about encrypting the password using MD5 on a client. To keep this simple I'm using a password of less than 16 chars. So why doesn't this work? In a buffer I'm adding a random vector to the secret, then running MD5 and XORing the result with the password. The result is placed (copied) as the user-password, and the vector value copied to the packet header. Seems right? But clearly it isn't! The packet seems well formed but the user password is decrypted as garbage (Radius -X).

/* MD5 Make a hash of the data */

createIndentifier(vector);

/* Calculate the md5 digest */
secretlen = strlen(secret);
memcpy(md5buf, secret, secretlen);
memcpy(md5buf + secretlen, vector, RADIUS_RANDOM_VECTOR_LEN);

MD5_Init (&sum);
MD5_Update (&sum, md5buf, secretlen + RADIUS_RANDOM_VECTOR_LEN);
MD5_Final (digest, &sum);

memset(passbuf, 0, RADIUS_RANDOM_VECTOR_LEN);
strcpy(passbuf, password);

for (i = 0; i < RADIUS_RANDOM_VECTOR_LEN; i++)
{
        // run through the 16 values of the digest and XOR with password
        result[i] = digest[i] ^ passbuf[i];
}

Thanks,

Arun M.
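
For reference, an added example (not part of the original post and not FreeRADIUS code): the User-Password hiding of RFC 2865 section 5.2 in Python, generalized beyond the single 16-octet block in the post to passwords of up to 128 octets, together with the server-side decode. The server derives its MD5 key from the shared secret and the Authenticator field of the packet header, so the demo also shows that a header value differing from the vector that was hashed decodes to garbage. The secret, password and authenticator values are constructed samples.

```python
import hashlib

BLOCK = 16  # MD5 digest size, also the Request Authenticator length


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side: build the User-Password attribute value."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("password longer than 128 octets")
    # Pad with NULs to a whole number of 16-octet blocks (at least one).
    nblocks = max(1, -(-len(password) // BLOCK))
    padded = password.ljust(nblocks * BLOCK, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        # b1 = MD5(secret + RA); b(n) = MD5(secret + previous cipher block)
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], key))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: recover the password using the header's authenticator."""
    if not hidden or len(hidden) % BLOCK or len(hidden) > 128:
        raise ValueError("User-Password must be 16..128 octets, multiple of 16")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


def demo():
    # Constructed sample values, not taken from the post.
    secret, password = b"testing123", b"hunter2"
    vector = bytes(range(16))      # vector the client hashed
    header = bytes(range(1, 17))   # a different value placed in the header
    hidden = hide_password(password, secret, vector)
    good = reveal_password(hidden, secret, vector)
    bad = reveal_password(hidden, secret, header)
    return hidden, good, bad


if __name__ == "__main__":
    hidden, good, bad = demo()
    print(hidden.hex(), good, bad)
```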

