On Tue, Sep 02, 2008 at 12:39:54PM +0200, Thomas Schlagbauer wrote: > could someone of the developers of Gobby give me information about the > format or hash-function used when user-password and global-password are > transmitted with the net6_client_login command. All what I could find out > is, that it´s a 160-Bit Hex String (while analyzing via Wireshark). SHA1 > supports 160-Bit but I tried it already and it doesn´t work.
Use the source, luke. Relevant parts are client_buffer.hpp:on_net_welcome, which parses the token from the welcome line and client_buffer.hpp:on_login_extend which applies the SHA1 hash on the token and the password (to crush replay attacks). Kind regards, Philipp Kern -- .''`. Philipp Kern Debian Developer : :' : http://philkern.de Release Assistant `. `' xmpp:[EMAIL PROTECTED] Stable Release Manager `- finger pkern/[EMAIL PROTECTED]
signature.asc
Description: Digital signature