Hi, I want to implement MD5 digest authentication in my Jabber client. I wrote it years ago; it's very basic (presence, messages, service discovery, vCard) and only supports plain authentication.

I have read some tutorials, but I have problems building the "response".

This tutorial ( http://web.archive.org/web/20050224191820/http://cataclysm.cx/wip/digest-md5-crash.html ) says:

-------------------------------------------
Computing the response value

This is where the magic happens. The value of the response directive is computed as follows:

1. Create a string of the form "username:realm:password". Call this string X.
2. Compute the 16 octet MD5 hash of X. Call the result Y.
3. Create a string of the form "Y:nonce:cnonce:authzid". Call this string A1.
4. Create a string of the form "AUTHENTICATE:digest-uri". Call this string A2.
5. Compute the 32 hex digit MD5 hash of A1. Call the result HA1.
6. Compute the 32 hex digit MD5 hash of A2. Call the result HA2.
7. Create a string of the form "HA1:nonce:nc:cnonce:qop:HA2". Call this string KD.
8. Compute the 32 hex digit MD5 hash of KD. Call the result Z.

The resultant string Z should be sent to the server as the value of the "response" directive.
-------------------------------------------

In my test, I have used Psi with a fictitious account:

The server sends the challenge; decoded, it is:
nonce="x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=",realm="jabber.org",qop="auth",maxbuf=16384,charset=utf-8,algorithm=md5-sess

And Psi replies:
username="testuser456",realm="jabber.org",nonce="x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=",cnonce="EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=",nc=00000001,digest-uri="xmpp/jabber.org",qop=auth,response=05ec899f842eb50ffbe8a4e85316b630,charset=utf-8

Then, this is my code (the app is written in mIRC scripting language) with the same parameters, step by step:


1. Create a string of the form "username:realm:password". Call this string X.

%X = testuser456:jabber.org:pass456

Result= testuser456:jabber.org:pass456



2. Compute the 16 octet MD5 hash of X. Call the result Y.

%Y = $md5(%X)

Result= 85434cc70bb832bc456c27834bfa5d25



3. Create a string of the form "Y:nonce:cnonce:authzid". Call this string A1.

%A1 = %Y $+ :x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:[email protected]/Psi

Result= 85434cc70bb832bc456c27834bfa5d25:x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:[email protected]/Psi



4. Create a string of the form "AUTHENTICATE:digest-uri". Call this string A2.

%A2 = AUTHENTICATE:xmpp/jabber.org

Result= AUTHENTICATE:xmpp/jabber.org



5. Compute the 32 hex digit MD5 hash of A1. Call the result HA1.

%HA1 = $md5(%A1)

Result= 9a964814c44a569f669e00cec987b21e



6. Compute the 32 hex digit MD5 hash of A2. Call the result HA2.

%HA2 = $md5(%A2)

Result= 944bd70f8fa70f4e8e9e17ead871fae3



7. Create a string of the form "HA1:nonce:nc:cnonce:qop:HA2". Call this string KD.

%KD = %HA1 $+ :x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:00000001:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:auth: $+ %HA2

Result= 9a964814c44a569f669e00cec987b21e:x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=:00000001:EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=:auth:944bd70f8fa70f4e8e9e17ead871fae3



8. Compute the 32 hex digit MD5 hash of KD. Call the result Z.

%Response = $md5(%KD)

Result= dfd661d4a4a26e7b84972e672b8ccc16

But this is incorrect; the valid response is 05ec899f842eb50ffbe8a4e85316b630

(In mIRC scripting, variables have the % prefix. $+ is used to concatenate text and variables with no spaces. $md5 returns the hash value. There are also commands to encode/decode base64 and to use binary variables, so, on paper, I have everything necessary to make it work.)

But the response is incorrect and I don't know why. Any ideas?

(Sorry for my poor English.)

C. Esteve
_______________________________________________
JDev mailing list
Forum: http://www.jabberforum.org/forumdisplay.php?f=20
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
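The full DIGEST-MD5 (RFC 2831) computation, written out as an added example; this is not the poster's mIRC code and not Psi's implementation. It makes explicit the two details of the tutorial steps above that the prose leaves easy to misread: in step 3, Y is spliced into A1 as the 16 raw MD5 octets, not as the 32-character hex string that a text-oriented md5 function returns; and ":authzid" is only appended to A1 when an authzid is actually sent in the response (Psi's reply quoted above carries none). The block checks itself against the example exchange printed in RFC 2831 section 4 (user "chris", password "secret"), then recomputes the Psi exchange from the post both ways, using the password "pass456" the poster states, so the raw-octet and hex-string results can be compared with what Psi sent. The server's rspauth is included because it is the same computation with a different A2.

```python
"""DIGEST-MD5 response / rspauth computation per RFC 2831 (added example).

Pitfalls this code is written to make visible:
  1. Y = MD5("username:realm:password") enters A1 as 16 raw octets, not as
     the 32-character hex string (a text-only md5 function gives the latter).
  2. ":authzid" is appended to A1 only when an authzid is actually sent;
     otherwise A1 ends at the cnonce.

RFC2831 below is the example exchange from RFC 2831 section 4.  PSI is the
challenge/response quoted in the post; the password is the one the poster
states, so whether the raw-octet result matches Psi depends on that.
"""
import hashlib


def _h(data: bytes) -> bytes:
    """16 raw MD5 octets of data."""
    return hashlib.md5(data).digest()


def _hex(data: bytes) -> str:
    """32 lowercase hex digits of MD5(data)."""
    return hashlib.md5(data).hexdigest()


def a1(username, realm, password, nonce, cnonce, authzid=None, y_as_hex=False) -> bytes:
    """Build A1. y_as_hex=True reproduces the hex-string pitfall on purpose."""
    x = f"{username}:{realm}:{password}".encode("utf-8")
    y = _hex(x).encode("ascii") if y_as_hex else _h(x)     # raw octets is the correct form
    out = y + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid:                                              # only if an authzid is sent
        out += f":{authzid}".encode("utf-8")
    return out


def digest_response(username, realm, password, nonce, cnonce, nc, digest_uri,
                    qop="auth", authzid=None, rspauth=False, y_as_hex=False) -> str:
    """Client 'response', or with rspauth=True the server's 'rspauth'.

    The only difference is A2: the client hashes "AUTHENTICATE:digest-uri",
    the server's rspauth hashes ":digest-uri".  With qop auth-int or
    auth-conf, A2 additionally gets ":" plus 32 zeros appended.
    """
    ha1 = _hex(a1(username, realm, password, nonce, cnonce, authzid, y_as_hex))
    a2 = ("" if rspauth else "AUTHENTICATE") + ":" + digest_uri
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    ha2 = _hex(a2.encode("utf-8"))
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return _hex(kd.encode("utf-8"))


# Test vector from RFC 2831 section 4 (qop=auth, no authzid).
RFC2831 = dict(username="chris", realm="elwood.innosoft.com", password="secret",
               nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk", nc="00000001",
               digest_uri="imap/elwood.innosoft.com")

# Exchange quoted in the post (Psi against jabber.org); no authzid was sent.
PSI = dict(username="testuser456", realm="jabber.org", password="pass456",
           nonce="x8djfKCd/aoKCUIeI5IwN0lNGzs91oSdMCR7SZT6L9s=",
           cnonce="EzAaOdnJwGDj2ABlUat3a1ZPeH06Pyzic6PpnVnqkBE=",
           nc="00000001", digest_uri="xmpp/jabber.org")
PSI_RESPONSE = "05ec899f842eb50ffbe8a4e85316b630"


def rfc_vector() -> tuple:
    """(response, rspauth) for the RFC 2831 example exchange."""
    return digest_response(**RFC2831), digest_response(**RFC2831, rspauth=True)


def psi_check() -> tuple:
    """(raw-octet result, hex-string pitfall result, raw result == Psi's value)."""
    good = digest_response(**PSI)
    bad = digest_response(**PSI, y_as_hex=True)
    return good, bad, good == PSI_RESPONSE


if __name__ == "__main__":
    resp, rsp = rfc_vector()
    print("RFC 2831 response:", resp, " rspauth:", rsp)
    good, bad, ok = psi_check()
    print("Psi exchange, raw-octet Y :", good, "(matches Psi)" if ok else "(does not match Psi)")
    print("Psi exchange, hex-string Y:", bad)
```

When porting this to a scripting language whose md5 function only accepts text, the step that needs binary handling is the construction of A1: the 16 octets of Y must be written into a binary buffer, followed by the ASCII of ":nonce:cnonce", and the md5 of that buffer taken; HA2 and the final KD hash are plain ASCII strings and can be hashed as text.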