On Thu, 24 Oct 2002, Steve Haslam wrote:
> No, we couldn't get the result from perl to match the digest even when exim
> and the client agreed on it :(
oic.
to the best of my knowledge, that hmac module should be fine, but just
in case, could you try this snippet:
string cm5(string challenge, string pass)
{
string ipad = pass;
for(int i=strlen(ipad); i<64; i++) {
ipad += "\0";
}
string opad = ipad;
for(int i=0; i<64; i++) {
ipad[i] ^= 0x36;
opad[i] ^= 0x5c;
}
string inner = Crypto.md5()->update(ipad)->update(challenge)->digest();
string outer = Crypto.string_to_hex(Crypto.md5()->update(opad)->update(inner)->digest());
return outer;
}
int main(int argc, array(string) argv)
{
write(cm5(argv[1], argv[2]) + "\n");
}
its pike, (apt-get install pike7 [or any >0.6 one for that matter],
`pike foo.pike challenge password'.
this is _guaranteed_ to produce the correct hash. i'm curious what
this gives... (mh, just noticed a flaw: don't have passwords >64
char.. i forgot to handle this case ;)
--
(void)
