And This one again Chris Love
Extreme Web Works www.extremewebworks.com 919-836-0998 -----Original Message----- From: Chris Love [mailto:[EMAIL PROTECTED]] Sent: Sunday, February 10, 2002 4:59 PM To: '[EMAIL PROTECTED]' Subject: RE: DES IV Well I guess my earlier message is not going to be posted or responded to, but these are some of my findings. As I compare what I have developed and compare it to the PHP, Java and Perl Clients I can find no difference in what I am doing except that I want to use DES. What I am noticing from the server is, well, disturbing. I can do consecutive runs through the handshake and receive multiple responses. Examples: Run 1- 1)Connect 2)Read Check Version 3)Send Version Check Reply 4)Send Authenticate 5)Receive Check Version 6).........Nothing really matters anymore because the sever farted Run 2- 1)Connect 2)Read Check Version 3)Send Version Check Reply 4)Send Authenticate 5)Receive Challenge (encouraging) 6a)Create MD5 Hash of Challenge bits (16 bytes long) 6b)Let's try to encrypt that HASH 6b1)MD5 Hash the Key 'Seed' and get the first 8 bytes for the real DES key 6b2)get the first second 8 bytes for the real DES IV (I think this could be anything) 6c)DES Encrypt the Challenge Bits 6d)change the encrypted bytes to ASCII 6e)Add 'RandomIV' and the IV before the encrypted String 6f)Send the Encrypted Bytes back to the OPENSRS Server 7)Death Run 2- 1)Connect 2)Read Check Version 3)Send Version Check Reply 4)Send Authenticate 5)Receive Challenge (encouraging) 6a)Create MD5 Hash of Challenge bits (16 bytes long) 6b)Let's try to encrypt that HASH 6b1)MD5 Hash the Key 'Seed' and get the first 8 bytes for the real DES key 6b2)get the first second 8 bytes for the real DES IV (I think this could be anything) 6c)DES Encrypt the Challenge Bits 6d)change the encrypted bytes to ASCII 6e)Add 'RandomIV' and the IV before the encrypted String 6f)Send the Encrypted Bytes back to the OPENSRS Server 7)Receive another Challenge request??????? 8)OK what now?????????? This is what is happening to me. I need help with what I am doing wrong. Chris Love Extreme Web Works www.extremewebworks.com 919-836-0998 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Charles Daminato Sent: Friday, February 08, 2002 8:53 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: DES IV While I can't answer this directly (I'm not all that familiar with encryption and techniques), there is a rather nice document written by one of our resellers that's available to anyone that wants it... It's written with Delphi in mind, but this should give you a shot. Apologies for the format, it's a .doc file (word), I'm trying to PDF-ize it. You can grab it here: http://opus.tucows.com/decipher.doc Thank you Christine Warner :) BTW - our suggestion is that you use Blowfish, it's faster, stronger encryption. Charles Daminato OpenSRS Product Manager Tucows Inc. - [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Chris Love > Sent: February 8, 2002 7:42 AM > To: [EMAIL PROTECTED] > Subject: DES IV > > > I am new to this whole encryption thing, but I need some assurance. > We get a key generated for us from OPENSRS, but where do I get an > Initilization Vector (IV) for DES? Can I just make something up? > > > Chris Love > [EMAIL PROTECTED] > http://extremewebworks.com > >
