On Thu, Oct 24, 2002 at 10:33:44AM +0100, Philip Hazel wrote:
> On Wed, 23 Oct 2002, Eric Renfro wrote:
> > challenge = <17696.1035403810@???>
> > received = 5cb4301be6c19a10bc555491921cf89e
> > digest = 6ba2869e37c4d041dafb41c538de1407
>
> Indeed. The fact that it output that info, however, shows that it ran
> through the CRAM-MD5 code.
>
> Given that you know the correct password, you could compute which digest
> is actually correct. In principle, it could either be the one received
> or the one computed.
>
> You have to take the MD5 digest of the password concatenated with the
> challenge string, with some padding. From the comments in the code:
>
> The CRAM-MD5 algorithm is described in RFC 2195. It computes
>
> MD5((secret XOR opad), MD5((secret XOR ipad), challenge))
>
> where secret is padded out to 64 characters (after being reduced to an MD5
> digest if longer than 64) and ipad and opad are 64-byte strings of 0x36 and
> 0x5c respectively, and comma means concatenation.
>
> I realize that this is a non-trivial exercise!
I was disucussing this with Eric on IRC, and it seems to me that this should
be a quick way of double-checking:
perl -MDigest::HMAC_MD5=hmac_md5_hex -le \
'print hmac_md5_hex($challenge, $secret)'
(with $challenge and $secret substituted for the correct strings of course).
However, Eric got an digest that mismatched on the authentication that
failed, which was puzzling. But maybe someone who actually uses CRAM-MD5
day-to-day (I don't) could explore this?
SRH
--
Steve Haslam Reading, UK araqnid@???
Debian GNU/Linux Maintainer araqnid@???
maybe the human race deserves to be wiped out
