> On 22 Oct. 2015, at 18:21, Pa He <pat.herzf...@gmail.com> wrote:
> 
> Hi Thijs
> 
> Thanks for your response. I see this wiki page seems to be the source of 
> http://stackoverflow.com/questions/29298346/xmpp-sasl-scram-sha1-authentication/29299946#29299946
> 
> Here is my console output:
> 
> [1] pry(main)> clearpass = "p4ssw0rd"
> => "p4ssw0rd"
> [2] pry(main)> iter = 4096
> => 4096
> [3] pry(main)> clearsalt = "312527ce-e134-4694-b6bc-203707ca5922"
> => "312527ce-e134-4694-b6bc-203707ca5922"
> [4] pry(main)> saltr1 = Base64.encode64(clearsalt)
> => "MzEyNTI3Y2UtZTEzNC00Njk0LWI2YmMtMjAzNzA3Y2E1OTIy\n"
> [5] pry(main)> saltr2 = Base64.encode64(saltr1)
> => "TXpFeU5USTNZMlV0WlRFek5DMDBOamswTFdJMlltTXRNakF6TnpBM1kyRTFP\nVEl5Cg==\n"
> [6] pry(main)> digest = OpenSSL::Digest::SHA1.new
> => #<OpenSSL::Digest::SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709>
> [7] pry(main)> len = digest.digest_length
> => 20
> [8] pry(main)> digest.hexdigest
> => "da39a3ee5e6b4b0d3255bfef95601890afd80709"
> [9] pry(main)> clientkey = OpenSSL::PKCS5.pbkdf2_hmac(clearpass, saltr2, 4096, len, digest)
> => "-U\xF1n\x88\xCA\xE3>Q\xA3\x86v\x97\x9Eh\x1E\x87\xD2\b\xF1"
> [10] pry(main)> instance = OpenSSL::HMAC.new(clientkey, OpenSSL::Digest.new('sha1'))
> => 998267511f3d122664208d940d2f7a0abfc7db28
> [11] pry(main)> data = "Client Key"
> => "Client Key"
> [12] pry(main)> instance.update(data)
> => 9d7f402d056a42398d1b30937759c205a7d5b7fd
> [13] pry(main)> stored_key = Digest::SHA1.digest instance.to_s
> => "_\xF6\xBB\v_\x88\xA9\x88\xD6\x06\xE7\xDD?\xE0c\xACz\xB9-X"
> [14] pry(main)> Digest::SHA1.digest instance.digest
> => "\xE8\x02\x8E\x85\xF5[\xB6\xBF\x1E\x8B\xCBm\x1C\x05+\xE3\xCE\xE8P\x06"
> [15] pry(main)> Digest::SHA1.digest instance.hexdigest
> => "_\xF6\xBB\v_\x88\xA9\x88\xD6\x06\xE7\xDD?\xE0c\xACz\xB9-X"
> [16] pry(main)> Digest::SHA1.hexdigest instance2.hexdigest
> => "5ff6bb0b5f88a988d606e7dd3fe063ac7ab92d58"
> 
> 
> Salt is base64'ed two times, right?
> Does password also get base64'ed?
> 
> Thanks for your help & cheers
> Patrick

Hi Patrick,

The base64-*de*coding applies when the client receives the salt from the
server during SASL. If you're not following SASL, but generating the data
yourself, then you don't use base64.

The correct salted password for the password "p4ssw0rd" with the salt
"312527ce-e134-4694-b6bc-203707ca5922" is, hex-encoded:

'a71aacc618c164ccf3efd2ae23b0061919844909'

Hope this helps,
Thijs
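
The derivation discussed in this thread, as an added example (not code from either poster or from Prosody): it computes SaltedPassword, ClientKey, StoredKey and ServerKey as RFC 5802 defines them for SCRAM-SHA-1, feeding the salt bytes in directly, and writes out Hi() by hand so it can be compared with PBKDF2. The function names are assumptions; the printed `salted_password` can be compared with the hex value given in the reply above.

```ruby
require 'openssl'

SHA1_LEN = 20 # SHA-1 output size in bytes

def hmac_sha1(key, data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, data)
end

# Salt as it arrives in a SASL server-first-message: base64, decoded once.
def salt_from_sasl(b64_salt)
  b64_salt.unpack1('m0') # strict base64 decode
end

# Hi() written out as in RFC 5802; it is PBKDF2-HMAC-SHA1 with a single block.
def hi(password, salt, iterations)
  u = hmac_sha1(password, salt.b + [1].pack('N'))
  acc = u.bytes
  (iterations - 1).times do
    u = hmac_sha1(password, u)
    u.each_byte.with_index { |b, i| acc[i] ^= b }
  end
  acc.pack('C*')
end

# Keys derived from the raw salt bytes (no base64 when generating data locally).
def scram_sha1_keys(password, salt, iterations)
  salted = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, SHA1_LEN,
                                      OpenSSL::Digest.new('SHA1'))
  client_key = hmac_sha1(salted, 'Client Key')
  { salted_password: salted,
    client_key: client_key,
    # StoredKey := H(ClientKey), hashed over the raw bytes, not a hex string.
    stored_key: OpenSSL::Digest.new('SHA1').digest(client_key),
    server_key: hmac_sha1(salted, 'Server Key') }
end

def hex(bytes)
  bytes.unpack1('H*')
end

# Inputs taken from the thread.
keys = scram_sha1_keys('p4ssw0rd', '312527ce-e134-4694-b6bc-203707ca5922', 4096)
keys.each { |name, value| puts "#{name}: #{hex(value)}" }
```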
