On Tue, 2002-06-11 at 10:46, Andreas Byström wrote:
> Hi all!
>
> I think I need some help regarding understanding the digest authentication
> scheme. Can someone give comments on the following statements:
>
> I send a registration message to a proxy and receive the challenge:
>
> Proxy-Authenticate: Digest realm="MCI WorldCom SIP",
> domain="sip:ss2.wcom.com", nonce="ea9c8e88df84f1cec4341ae6cbe5a359",
> opaque="", stale=FALSE, algorithm=MD5
>
> To compute the response that should be sent back to the proxy I will do the
> following:
>
> * unq() is just taking away any leading and ending "-marks
> * MD5() returns the MD5 hash of the input string as hex-encoded
>
> 1. Compute x = MD5(unq(username) +":"+ unq(realm) +":"+password)
> 2. Compute y = MD5(method +":"+uri)
> 3. Compute z = MD5(x +":"+ unq(nonce) +":"+ y)
>
> Then z is the string I should put in the response-field in the response to
> this challenge.
> I then have several questions:
>
> Q1 : Is it correct to set x and y to the hex encoded hash value of the
> input? Should I instead just use the hex encoded value in the response so
> that when I use x and y as input in <3> they should be bit-encoded?

Use the hex representation of x and y for input into 3.

>
> Q2 : Should one always include y when calculating z? I have seen examples when it
> is not used.

y is always used - where have you seen it omitted?

>
> Q3 : How can I use these credentials in the next request I send to the same
> proxy? What do I recalculate? Do I have to use cnonce, and in that case how?

You just reuse the value you have. You don't recalculate until you get
another challenge (another nonce).

The equations you show are for rfc2069 digest. rfc2617 defines cnonce -
look in it for the equations you need to use to calculate a response.

RjS

>
> Any opinions are appreciated on my questions, if you can help me with just
> one I will be happy!
>
> Thanks in advance,
>
> Andreas Byström
>
> _______________________________________________
> Sip-implementors mailing list
> [EMAIL PROTECTED]
> http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
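
The calculation discussed in this thread, as an added example that is not part of the original messages: the three steps from the question (the RFC 2069 form, with x and y fed into step 3 as hex strings) next to the RFC 2617 `qop=auth` form that also hashes in `nc` and `cnonce`. The function names are illustrative, and the sample inputs are the ones from the worked example in RFC 2617 section 3.5.

```python
import hashlib
import hmac


def md5_hex(text: str) -> str:
    """MD5 of the UTF-8 bytes of text, as 32 lowercase hex characters."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def unq(value: str) -> str:
    """Strip one pair of surrounding double quotes, like unq() in the post."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]
    return value


def response_rfc2069(username, realm, password, method, uri, nonce):
    """Steps 1-3 from the post; x and y enter step 3 as hex strings."""
    x = md5_hex(f"{unq(username)}:{unq(realm)}:{password}")
    y = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{x}:{unq(nonce)}:{y}")


def response_rfc2617_auth(username, realm, password, method, uri,
                          nonce, nc, cnonce):
    """RFC 2617 with qop=auth: nc, cnonce and the qop value are hashed too."""
    x = md5_hex(f"{unq(username)}:{unq(realm)}:{password}")
    y = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{x}:{unq(nonce)}:{nc}:{unq(cnonce)}:auth:{y}")


def check_response(expected: str, received: str) -> bool:
    """Server-side comparison of the two hex strings in constant time."""
    return hmac.compare_digest(expected, unq(received))


# Inputs taken from the worked example in RFC 2617 section 3.5.
RFC2617_EXAMPLE = dict(
    username='"Mufasa"', realm='"testrealm@host.com"',
    password="Circle Of Life", method="GET", uri="/dir/index.html",
    nonce='"dcd98b7102dd2f0e8b11d0f600bfb0c093"',
)

if __name__ == "__main__":
    print("rfc2069:", response_rfc2069(**RFC2617_EXAMPLE))
    print("rfc2617:", response_rfc2617_auth(
        **RFC2617_EXAMPLE, nc="00000001", cnonce='"0a4f113b"'))
```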
