On 04-12-2020 17:03, Dimitry Sibiryakov wrote:
> 04.12.2020 16:20, Mark Rotteveel wrote:
>> After closer inspection, I found the issue. The SHA-1 hash of DAVIDS
>> is 00AD377F8297F04FD83DFDBF48AABF316850862F. Seeing that leading zero,
>> I guessed that might be part of the problem. After stripping the
>> leading zero from the user hash in Jaybird, the authentication succeeds.
>> The roundtrip from hash bytes to BigInteger back to bytes as hash
>> input (in RemotePassword::clientProof (srp.cpp) and makeProof
>> (srp.h)) probably strips any leading zero byte(s).
> So the question now is whether it is a bug in the Firebird Srp
> implementation or the Jaybird one. I would say the former.
Looking at some other (non-Firebird related) SRP implementations, they
usually also roundtrip this SHA-1 through a BigInteger equivalent, which
probably also strips leading zeroes.
And 'fixing' this in Firebird at this point would break compatibility
between disparate client and server versions with those usernames that
produce a SHA-1 with leading zeroes.
It seems to me this is better fixed in Jaybird.
Mark
--
Mark Rotteveel
Firebird-Devel mailing list, web interface at
https://lists.sourceforge.net/lists/listinfo/firebird-devel
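The byte-loss the thread describes, as an added example (not Jaybird or Firebird code): the user hash quoted in the mail is taken as constructed input, `proof_fragment` is a simplified stand-in for the SRP proof step that hashes the user hash with other values, and the salt is constructed.

```python
import hashlib

# User hash for the account DAVIDS as quoted in the thread (constructed from
# the hex in the mail, not recomputed here; only its leading 0x00 matters).
DAVIDS_USER_HASH = bytes.fromhex("00AD377F8297F04FD83DFDBF48AABF316850862F")
SHA1_LEN = 20


def bigint_roundtrip(digest: bytes) -> bytes:
    """Hash bytes -> BigInteger -> bytes, as a processInt()/toByteArray()
    style conversion does: an integer keeps no record of leading zero
    octets, so a digest starting with 0x00 comes back one byte shorter."""
    value = int.from_bytes(digest, "big")
    return value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")


def fixed_width_roundtrip(digest: bytes, width: int = SHA1_LEN) -> bytes:
    """The same round trip re-encoded at the digest's fixed width: the leading
    zero survives, so this is NOT wire-compatible with a peer that strips it."""
    return int.from_bytes(digest, "big").to_bytes(width, "big")


def proof_fragment(user_hash: bytes, salt: bytes) -> bytes:
    """Simplified, constructed stand-in for the SRP proof step that hashes the
    user hash together with other values (the real M also covers
    H(N) xor H(g), A, B and K, which do not change the point)."""
    return hashlib.sha1(user_hash + salt).digest()


def proofs_agree(user_hash: bytes, salt: bytes, client_encode, server_encode) -> bool:
    """Do both sides derive the same proof when each applies its own
    encoding of the user hash before hashing?"""
    return (proof_fragment(client_encode(user_hash), salt)
            == proof_fragment(server_encode(user_hash), salt))


if __name__ == "__main__":
    salt = b"\x5a" * 32  # constructed salt
    stripped = bigint_roundtrip(DAVIDS_USER_HASH)
    print(len(stripped), "bytes after the BigInteger round trip (was 20)")
    # Client keeping all 20 bytes while the server strips: proofs differ.
    print("mixed encodings agree:",
          proofs_agree(DAVIDS_USER_HASH, salt, fixed_width_roundtrip, bigint_roundtrip))
    # Both sides stripping, the compatible choice argued for in the thread.
    print("both strip agree:",
          proofs_agree(DAVIDS_USER_HASH, salt, bigint_roundtrip, bigint_roundtrip))
    # Any account whose SHA-1 starts with 0x00 (about 1 in 256) is affected.
    print("sha1(DAVIDS) =", hashlib.sha1(b"DAVIDS").hexdigest().upper())
```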