On 12/18/01 2:44 AM, "Antoine Maitre" <[EMAIL PROTECTED]> wrote:
> I'm trying to implement zerok authentication for my client. I use the method
> described in the document (http://docs.jabber.org/draft-proto/html/zerok.html)
> but it doesn't work. I checked the XML files in the spool folder on the
> Jabber server and the hash provided there doesn't match. Can anyone tell me
> what I'm doing wrong.

Your protocol packets look good. I'd guess that you're not carrying out the 0k auth algorithms correctly. The document you refer to is not very clear on the implementation of the 0k computation. For example, each hash(n) that you create must be converted to a lower case hexadecimal string representation which is then used as input for the next hash(n+1)... This can be confusing because the real hash is a set of bits and not the hexadecimal string representation (and it must be lowercase).

I hope this isn't confusing rather than helping... Arrgh. Let me run through the algorithm:

    sha1 digest(password + token) => hash0' ->>> lowercase hex rep ->>> hash0
    sha1 digest(hash0) => hash1' ->>> lowercase hex rep ->>> hash1
    sha1 digest(hash1) => hash2' ->>> lowercase hex rep ->>> hash2
    Etc...

The doc doesn't explain the "->>> l.h.r. ->>>" step and from a normal cryptography standpoint you'd never think to do that... :)

-iain
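The hash chain as written in the reply above, next to the variant that feeds the raw digest bytes into the next round and therefore stops matching after the first step. This is an added example, not part of the original message or of any Jabber code; the function names, the UTF-8 encoding and the sample password and token are assumptions made for illustration.

```python
import hashlib
import hmac


def sha1_hex(data: bytes) -> str:
    """SHA-1 of data as a 40-character hex string; hexdigest() is always lowercase."""
    return hashlib.sha1(data).hexdigest()


def zerok_chain(password: str, token: str, n: int) -> str:
    """hash0 = hex(sha1(password + token)); hash_k = hex(sha1(hash_{k-1})). Returns hash_n."""
    # Assumption: strings are encoded as UTF-8 before hashing.
    current = sha1_hex((password + token).encode("utf-8"))
    for _ in range(n):
        # The next round hashes the lowercase hex TEXT, not the 20 raw digest bytes.
        current = sha1_hex(current.encode("ascii"))
    return current


def chain_on_raw_digest(password: str, token: str, n: int) -> str:
    """The mistake the reply warns about: chaining on the raw digest bytes."""
    raw = hashlib.sha1((password + token).encode("utf-8")).digest()
    for _ in range(n):
        raw = hashlib.sha1(raw).digest()
    return raw.hex()


def chain_on_upper_hex(password: str, token: str, n: int) -> str:
    """A second mistake: chaining on an uppercase hex representation."""
    current = sha1_hex((password + token).encode("utf-8"))
    for _ in range(n):
        current = sha1_hex(current.upper().encode("ascii"))
    return current


def matches_stored(stored_hex: str, computed_hex: str) -> bool:
    """Compare a stored hash with a computed one without leaking timing information."""
    return hmac.compare_digest(stored_hex.encode("ascii"), computed_hex.encode("ascii"))


if __name__ == "__main__":
    password, token = "ab", "c"  # constructed sample values
    stored = zerok_chain(password, token, 3)  # stands in for the value in the spool file
    for name, fn in [("hex chain", zerok_chain),
                     ("raw-digest chain", chain_on_raw_digest),
                     ("uppercase-hex chain", chain_on_upper_hex)]:
        result = fn(password, token, 3)
        print(f"{name:20} {result} match={matches_stored(stored, result)}")
```

All three variants agree on hash0 and diverge from hash1 onward, so a check of only the first hash does not catch the error.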
