Thanks for your response. I see this wiki page seems to be the source of
Here is my console output:
pry(main)> clearpass = "p4ssw0rd"
=> "p4ssw0rd"
pry(main)> iter = 4096
=> 4096
pry(main)> clearsalt = "312527ce-e134-4694-b6bc-203707ca5922"
=> "312527ce-e134-4694-b6bc-203707ca5922"
pry(main)> saltr1 = Base64.encode64(clearsalt)
=> "MzEyNTI3Y2UtZTEzNC00Njk0LWI2YmMtMjAzNzA3Y2E1OTIy\n"
pry(main)> saltr2 = Base64.encode64(saltr1)
pry(main)> digest = OpenSSL::Digest::SHA1.new
=> #<OpenSSL::Digest::SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709>
pry(main)> len = digest.digest_length
=> 20
pry(main)> digest.hexdigest
=> "da39a3ee5e6b4b0d3255bfef95601890afd80709"
pry(main)> clientkey = OpenSSL::PKCS5.pbkdf2_hmac(clearpass, saltr2, 4096, len, digest)
=> "-U\xF1n\x88\xCA\xE3>Q\xA3\x86v\x97\x9Eh\x1E\x87\xD2\b\xF1"
pry(main)> instance = OpenSSL::HMAC.new(clientkey,
=> 998267511f3d122664208d940d2f7a0abfc7db28
pry(main)> data = "Client Key"
=> "Client Key"
pry(main)> instance.update(data)
=> 9d7f402d056a42398d1b30937759c205a7d5b7fd
pry(main)> stored_key = Digest::SHA1.digest instance.to_s
pry(main)> Digest::SHA1.digest instance.digest
=> "\xE8\x02\x8E\x85\xF5[\xB6\xBF\x1E\x8B\xCBm\x1C\x05+\xE3\xCE\xE8P\x06"
pry(main)> Digest::SHA1.digest instance.hexdigest
=> "_\xF6\xBB\v_\x88\xA9\x88\xD6\x06\xE7\xDD?\xE0c\xACz\xB9-X"
pry(main)> Digest::SHA1.hexdigest instance2.hexdigest
=> "5ff6bb0b5f88a988d606e7dd3fe063ac7ab92d58"
Salt is base64'ed two times, right?
Does password also get base64'ed?
Thanks for your help & cheers
On Monday, 19 October 2015 at 21:58:46 UTC+2, Thijs Alkemade wrote:
> On 19 Oct. 2015, at 13:40, Thijs Alkemade <m...@thijsalkema.de
> >> I'm having problems implementing the internal_hashed procedures in Ruby. My setup is the following:
> >> I have a public-facing prosody 9.3 which does not allow inband registration. I'm writing a Ruby on Rails App
> >> which should insert the new users into the postgres DB I set up for prosody account storage, but I
> >> have trouble computing the stored_key and server_key.
> >> AFAIK:
> >> iterations is hardcoded to be 4096 for new users, but can be any
> >> UUIDs are used as salt.
> >> stored_key should be the following: SHA1( clientkey )
> >> where clientkey is HMAC (saltedpw, "Client Key")
> >> and saltedpw is a PBKDF2-SHA1(userspassword, salt and iterations)
> >> serverkey is the same as clientkey, but HMACed with "Server Key" and without the last SHA1 operation.
> >> Am I missing something here? Because I implemented this procedure with Rails' integrated OpenSSL
> >> module and I am not getting the same hashes as I get when using in-band
> >> Cheers
> >> Patrick
> > Hi Patrick,
> > Could you post some example outputs? Start with a password, salt and i,
> > post the values of saltedpw, clientkey and storedkey you compute.
> > (Alternatively you could look at , where I've posted all of the
> > intermediate values the client computes.)
> > Regards,
> > Thijs
>  = http://wiki.xmpp.org/web/SASLandSCRAM-SHA-1
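
Added example (not part of the thread and not Prosody's code): the SCRAM-SHA-1 derivation discussed above, written against RFC 5802 and checked with that RFC's own example values (password "pencil", salt "QSXCR+Q6sek8bf92" on the wire, i=4096). The helper names are assumptions of this example. In RFC 5802 the salt is base64 only inside the protocol message, PBKDF2 takes the raw salt bytes, and the password is not base64-encoded.

```ruby
require "openssl"
require "base64"

# RFC 5802 section 5 example values. The salt is shown as it appears on
# the wire (base64) in the server-first message.
RFC_PASSWORD   = "pencil"
RFC_ITERATIONS = 4096
RFC_SALT_B64   = "QSXCR+Q6sek8bf92"

# Hypothetical helper (name chosen for this example).
# `salt` must be the raw salt bytes; all results are returned hex-encoded.
def scram_sha1_keys(password, salt, iterations)
  sha1 = OpenSSL::Digest.new("SHA1")
  # SaltedPassword := Hi(password, salt, i) = PBKDF2-HMAC-SHA1, 20 bytes
  salted = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations,
                                      sha1.digest_length, sha1)
  # SaltedPassword is the HMAC key; the constant string is the message.
  client_key = OpenSSL::HMAC.digest(sha1, salted, "Client Key")
  server_key = OpenSSL::HMAC.digest(sha1, salted, "Server Key")
  # StoredKey := H(ClientKey), computed over the raw 20 bytes.
  stored_key = OpenSSL::Digest.new("SHA1").digest(client_key)
  { salted_password: salted, client_key: client_key,
    stored_key: stored_key, server_key: server_key }
    .transform_values { |v| v.unpack1("H*") }
end

# Slip 1: passing the salt while it is still base64 text.
def keys_with_encoded_salt
  scram_sha1_keys(RFC_PASSWORD, RFC_SALT_B64, RFC_ITERATIONS)
end

# Slip 2: hashing the hex text of ClientKey instead of its raw bytes.
def stored_key_from_hex_text(client_key_hex)
  OpenSSL::Digest.new("SHA1").hexdigest(client_key_hex)
end

if __FILE__ == $PROGRAM_NAME
  good = scram_sha1_keys(RFC_PASSWORD, Base64.strict_decode64(RFC_SALT_B64),
                         RFC_ITERATIONS)
  good.each { |name, hex| puts format("%-16s %s", name, hex) }
  puts "encoded salt     #{keys_with_encoded_salt[:stored_key]} (mismatch)"
  puts "hex-text hash    #{stored_key_from_hex_text(good[:client_key])} (mismatch)"
end
```

Both slips still produce a well-formed 20-byte value, so the only way to catch them is to compare each intermediate value against a known vector.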