help-gsasl

scram-sha1 does not tolerate newline characters


From: Lothar May
Subject: scram-sha1 does not tolerate newline characters
Date: Sun, 07 Nov 2010 00:58:53 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6

Hi,

I was desperately trying to test the gsasl scram-sha1 authentication
within our project with a Java test case (own implementation since I
could not find a lib [1]). I kept getting authentication failures. After
several hours, including stepping through the gsasl code, I still could
not see any difference. Finally when switching to hex ascii view I could
see it:

If the client response to the server challenge is terminated with a "\n"
newline separator, this leads to authentication failure, even if
everything else is correct. However, I can add a newline to the first
client message, if I also add it to client-message-bare in the second
auth step (which kind of feels wrong, because newline characters should
not be part of the nonce, see rfc "c-nonce         = printable").

Maybe gsasl could be a bit more tolerant in this regard, as this is a
text based protocol, and if you test it on the terminal then newline
characters will be added.

But if this is by design, then it was just my fault not checking
earlier, sorry, I don't mean to rant, I'm just a little frustrated
because I lost so much time on this.

Best regards,
Lothar

[1] If someone would like to receive a copy of the hacked Java code, I
can post it. It uses http://rtner.de/software/PBKDF2.html
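
An added illustration of the behaviour described in this message (not code from the original post or from gsasl): a byte-exact SCRAM-SHA-1 proof check following RFC 5802, run with the RFC's sample exchange values, showing what a trailing "\n" does at each step. The helper names and the `run_exchange` harness are hypothetical, and the server here is assumed to do no whitespace trimming.

```python
import base64, hashlib, hmac

def hmac_sha1(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def client_proof(password, salt_b64, iterations, auth_message):
    """Base64 ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    salted = hashlib.pbkdf2_hmac("sha1", password, base64.b64decode(salt_b64), iterations)
    client_key = hmac_sha1(salted, b"Client Key")
    signature = hmac_sha1(hashlib.sha1(client_key).digest(), auth_message)
    return base64.b64encode(bytes(a ^ b for a, b in zip(client_key, signature)))

def server_verify(password, salt_b64, iterations, first_bare, server_first, final_message):
    """Check the proof over the exact bytes received (assumption: no trimming)."""
    without_proof, sep, sent_proof = final_message.rpartition(b",p=")
    if not sep:
        return False
    auth_message = b",".join([first_bare, server_first, without_proof])
    expected = client_proof(password, salt_b64, iterations, auth_message)
    return hmac.compare_digest(sent_proof, expected)

# Sample values from the RFC 5802 example exchange.
PASSWORD, SALT, ITER = b"pencil", b"QSXCR+Q6sek8bf92", 4096
C_NONCE, S_NONCE = b"fyko+d2lbbFgONRv9qkxdawL", b"3rfcNHYJY1ZVvWVs7j"

def run_exchange(first_suffix=b"", signed_first_suffix=b"", final_suffix=b""):
    """Simulate a client; each suffix models a stray newline at one step."""
    received_first = b"n=user,r=" + C_NONCE + first_suffix   # bytes the server got
    nonce = received_first.split(b",r=", 1)[1] + S_NONCE     # newline is now part of the nonce
    server_first = b"r=" + nonce + b",s=" + SALT + b",i=%d" % ITER
    without_proof = b"c=biws,r=" + nonce
    signed_first = b"n=user,r=" + C_NONCE + signed_first_suffix  # what the client signs
    signed = b",".join([signed_first, server_first, without_proof])
    final = without_proof + b",p=" + client_proof(PASSWORD, SALT, ITER, signed) + final_suffix
    return server_verify(PASSWORD, SALT, ITER, received_first, server_first, final)

if __name__ == "__main__":
    print("clean exchange:                 ", run_exchange())
    print("newline after final message:    ", run_exchange(final_suffix=b"\n"))
    print("newline after first, not signed:", run_exchange(first_suffix=b"\n"))
    print("newline after first, signed too:",
          run_exchange(first_suffix=b"\n", signed_first_suffix=b"\n"))
```

When a proof mismatch has no visible cause, comparing a hex dump of the bytes sent with the bytes used to build AuthMessage exposes this kind of difference.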


