[Razor-users] Authentication in Core.pm

[Jörg Zieren]

Hi,

this is a somewhat technical question as to how Razor handles passwords 
specified on the command line, e.g. "-pass=secret". In authenticate (in 
Core.pm) it says:

    my ($iv1, $iv2) = xor_key($options->{pass});
    my ($my_digest) = hmac_sha1($resp{achal}, $iv1, $iv2);

    %qr = ( a => 'auth', aresp => $my_digest );
    $queries[0] = makesis(%qr);

I'm trying to do this in Java, but since I'm not a Perl programmer I don't 
quite understand the above code. I did find out that passwords sent to 
(and generated by) Razor are 64 chars long, which I assume is some 
encoding of a possibly shorter string, e.g. "secret". Is $options->{pass} 
this shorter string, or is it already encoded? I think it's the shorter 
string, because the encoding seems to happen by xor_key and hmac_sha1. But 
how, exactly (in natural language)? What is $resp{achal}?

Thanx for any help!

-Jörg

(Just to avoid a misunderstanding: I'm not implementing "JRazor" from 
scratch, but using code from the Spamato project, www.spamato.net, which 
however seems to lack this specific funcionality.)

--
Jörg Zieren           http://www.zieren.de            +49 170 7516134
For a list of common abbreviations, see http://www.zieren.de/abk.html
Please do not communicate my address to *any* website/service/company!


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Razor-users mailing list
Razor-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/razor-users