Re: [Razor-users] Authentication in Core.pm

[Jörg Zieren]

Jörg Zieren wrote:
I'm trying to do this in Java, but since I'm not a Perl programmer I 
don't quite understand the above code. I did find out that passwords 
sent to (and generated by) Razor are 64 chars long, which I assume is 
some encoding of a possibly shorter string, e.g. "secret". Is 
$options->{pass} this shorter string, or is it already encoded? I think 
it's the shorter string, because the encoding seems to happen by xor_key 
and hmac_sha1. But how, exactly (in natural language)? What is 
$resp{achal}?

Maybe I wasn't quite clear here. My question was this: I specify a 
password of, say, 10 chars. This, however, is "processed" to yield a 
"longer" string (and I guess this is where I wasn't too specific from a 
cryptographic point of view :-). As I found out by now, that's done by 
xor_key, which returns two strings of 64 chars length. After that we have 
strings of a fixed length of 64 chars, which are then processed together 
with the challenge.

The Spamato equivalent of xor_key works a little different, and that's 
what confused me. But I think I'm enlightened now ;-)

-Jörg

--
Jörg Zieren           http://www.zieren.de            +49 170 7516134
For a list of common abbreviations, see http://www.zieren.de/abk.html
Please do not communicate my address to *any* website/service/company!


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Razor-users mailing list
Razor-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/razor-users