?

Log in

No account? Create an account
LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Challenge/Response Protocol [Apr. 19th, 2004|01:03 am]
LiveJournal Client Discussions

lj_clients

[krolain]
Greetings everyone,

I've been trying to use the new Challenge/Response protocol to log in, but everytime I use it, it returns invalid password.

From what I gather from the document, it seems simple enough, but I cannot get it to work. Has anyone else gotten that to work successfully?

The pseudo-code I'm doing is basically this:

  1. MD5 HEX the password, then convert to string
  2. Append the converted password string at the end of the challenge string from server
  3. MD5 HEX the resulting string and send that to the server.


I've also tried not converting the MD5 HEX password to string, but keep it in byte format, and just append that to the end of the challenge string (converted to bytes), then MD5 digest the resulting byte array, but that also fails.

Granted, debugging does make many of the challenge expire, but I know it's not an expired problem. I actually get 'invalid password' from the server.

I've even tried to force the password string and challenge string to be in "UTF-8" byte format, but it doesn't work either. So, I am now wondering if this Challenge/Response protocol is working properly on the server, or am I missing something?

I am using the flat protocol, though I don't think that is the issue? I can get the MD5 plain password to work.

Help please?
linkReply

Comments:
[User Picture]From: avva
2004-04-19 09:39 am (UTC)
The MD5 RFC doesn't define the case in which a digest string is printed, but the accompanying example uses lower case. In LJ, lower case is used simply because that's what the Perl module we're using for MD5 is produced. In hpassword, either case works because we lowercase the digest before checking, but in challenge/response, one digest is used as part of the input to another, and here it becomes necessary to use the correct case. I agree that this should be documented more adequately; we'll make sure it is.
(Reply) (Parent) (Thread)