Right...I had a version that used crypt on the password at one point, but then realized that was silly; it was no different than just using a plaintext password that looked like gobbledygook.

The original Python version never actually sends the password in any form; I believe it just uses it to hash the server url, which gets passed as a parameter. The server then just hashes its own url with its password to see if they match. I suppose I could try using crypt to do the same, coming up with some way to derive a reasonable salt from the password. Any suggestions?

That or someone with sufficient power could make Digest::MD5 or ::SHA1 part of the standard Perl distro :-).

-b

Karsten Sperling wrote:
There is crypt(). However, just sending the hash of the password
instead of the pass itself doesn't change anything, as knowing the
hash is then just as good as knowing the pass. And having the server
send a challenge first would not exactly shorten the code I guess :)

- Karsten
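
Added example, not part of either message above and not code from the project being discussed: a sketch contrasting the static "hash of URL with password" parameter described in the thread with the server-issued challenge Karsten mentions. The HMAC-SHA256 construction, the class and function names, the URL and the secret are all assumptions made for illustration; the thread does not say how the Python version combines password and URL.

```python
import hashlib
import hmac
import secrets

PASSWORD = b"constructed-shared-secret"    # constructed sample value
SERVER_URL = b"http://server.example/rpc"  # hypothetical URL

def mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class StaticServer:
    """Accepts a fixed token derived from password and URL (assumed construction)."""
    def check(self, token):
        return hmac.compare_digest(token, mac(PASSWORD, SERVER_URL))

class ChallengeServer:
    """Issues a fresh nonce per request and accepts each nonce only once."""
    def __init__(self):
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def check(self, nonce, response):
        if nonce not in self.pending:
            return False                   # unknown or already used nonce
        self.pending.discard(nonce)        # single use
        return hmac.compare_digest(response, mac(PASSWORD, nonce.encode() + SERVER_URL))

def demo():
    results = {}
    static = StaticServer()
    token = mac(PASSWORD, SERVER_URL)      # identical on every request
    results["static_first"] = static.check(token)
    results["static_replay"] = static.check(token)   # same bytes accepted again

    server = ChallengeServer()
    nonce = server.challenge()
    response = mac(PASSWORD, nonce.encode() + SERVER_URL)
    results["cr_first"] = server.check(nonce, response)
    results["cr_replay"] = server.check(nonce, response)       # nonce consumed
    results["cr_stale"] = server.check(server.challenge(), response)  # wrong nonce
    return results

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The static token is accepted every time it is presented, which is Karsten's point that knowing the hash is as good as knowing the password; the challenge variant rejects a repeated or mismatched response at the cost of an extra round trip and server-side nonce state.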



