> On 19 okt. 2015, at 08:26, Pa He <pat.herzf...@gmail.com> wrote:
> I'm having problems implementing the internal_hashed procedures in ruby. My 
> setup is the following:
> I have a public-facing prosody 9.3 which does not allow inband registration. 
> I'm writing a Ruby on Rails App
> which should insert the new users into the postgres DB I setup for prosody 
> account storage, but I
> have trouble computing the stored_key and server_key.
> iterations is hardcoded to be 4096 for new users, but can be any integer.
> UUIDs are used as salt.
> stored_key should be the following: SHA1( clientkey )
> where clientkey is HMAC (slatedpw, "Client Key")
> and saltedpw is a PBKDF2-SHA1(userspassword, salt and iterations)
> serverkey is the same as clientkey, but HMACed with "Server Key" and without 
> the last SHA1 operation.
> Am I missing something here? Because I implemented this procedure with Rails' 
> integrated OpenSSL
> module and I am not getting the same hashes as I get when using in-band 
> registration.
> Cheers
> Patrick

Hi Patrick,

Could you post some example outputs? Start with a password salt and i, and
post the values of saltedpw, clientkey and storedkey you compute.

(Alternatively you could look at [1], where I've posted all of the
intermediate values the client computes.)


You received this message because you are subscribed to the Google Groups 
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to prosody-dev+unsubscr...@googlegroups.com.
To post to this group, send email to prosody-dev@googlegroups.com.
Visit this group at http://groups.google.com/group/prosody-dev.
For more options, visit https://groups.google.com/d/optout.

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Reply via email to