?

Log in

No account? Create an account
Challenge-response? - LiveJournal Client Discussions — LiveJournal [entries|archive|friends|userinfo]
LiveJournal Client Discussions

[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

Challenge-response? [Jun. 22nd, 2005|09:14 pm]
LiveJournal Client Discussions

lj_clients

[shitty_kitty]
I'm using the flat protocol, and I'm trying to authenticate using the challenge-response system. When I send the "getchallenge" command to the server, I'm getting this back:

challenge=c0:1119488400:2948:60:wrdelynkdgtzldsu5vnq:c32fcf37f954ef177f8a0007394f557b

No matter how hard I try, I can't get it to authenticate. I've tried using the whole string, colon-separated chunks of the string, and the last two chunks together (I noticed they're the main two that change), but nothing's working. I've checked my MD5 function and it's working correctly (I can generate hpassword's just fine), and I'm using the MD5_hex(challenge + MD5_hex(password)) formula. So, which part of that string do I need to return as "auth_challenge", and which part do I need to manipulate using that formula to return as "auth_response"?
linkReply

Comments:
[User Picture]From: marksmith
2005-06-23 08:14 pm (UTC)
Ensure all MD5 hashes you generate and use are lowercase. That's the #1 cause of verification failures. Unix does lowercase, many Windows libraries do uppercase.
(Reply) (Thread)