?

Log in

No account? Create an account
need some help with perl md5 response - LiveJournal Client Discussions [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

need some help with perl md5 response [Jan. 16th, 2005|07:40 pm]
LiveJournal Client Discussions

lj_clients

[sohmc]
[mood |distresseddistressed]

Hey everyone!

I'm having some problems implementing the challenge login method.

I'm getting the appropriate response from getchallenge. I make my MD5 hexes and then post, but I'm getting an invalid password error. However, the plain text logs in fine. Here is the source code:


$md5_pass = $md5->md5_hex($pass);

$auth_challenge = $server_response_hash{'challenge'};
$auth_method = "challenge";
$auth_response = $md5->md5_hex($auth_challenge . $md5_pass);



Any thoughts?

Thanks!
linkReply

Comments:
[User Picture]From: simonb
2005-01-16 10:31 pm (UTC)

Its going to be hard to tell from the little code snippet above; for example an obivious one is if you're stripping off line endings from the challenge response.

Anyway, LJ::Simple automatically uses the challenge-response authentication method if it finds that the Digest::MD5 module available; the following is essentially what it does:

use Digest::MD5;

my $Password = "The user password";
my $Challenge = "The challenge from the server";

my $md5_pass=Digest::MD5->new;
$md5_pass->add($Password);
my $pass_hash = $md5_pass->hexdigest;

my $md5_chall=Digest::MD5->new;
$md5_chall->add($Challenge);
$md5_chall->add($pass_hash);
my $Response = $md5_chall->hexdigest;

print STDERR "Response is $Response\n";
(Reply) (Thread)
[User Picture]From: sohmc
2005-01-19 12:18 pm (UTC)
So it seems that the livejournal documentation is not accurate. According to the the challenge/response docs, I was supposed to use md5_hex and not hexdigest.

According to the man page, both of these are the same. The only difference is in the way they are called.

But I guess the saying applies: "If it's not broke, use it."

Thanks gys for your help.

(Reply) (Parent) (Thread)
[User Picture]From: hober
2005-01-17 01:07 am (UTC)
Keep in mind that the livejournal server expects downcased md5sums, and (at least used to) barf on upcase ones.
(Reply) (Thread)