on using GSASL_SCRAM_SALTED_PASSWORD
From: Marco Maggi
Subject: on using GSASL_SCRAM_SALTED_PASSWORD
Date: Thu, 07 Mar 2013 23:54:25 +0100

Ciao,
I am binding GSASL to a language; I am not into
cryptography; I would like to stay out of crypto algorithms
implementation as much as I can.
For the purpose of including examples in the documentation
I have written a pair of mock client and server using
SCRAM-SHA-1 and it seems to me that they can correctly do
their thing with the client setting the property
GSASL_PASSWORD.
Questions:
* I am in a bit of trouble implementing an example of
  setting the property GSASL_SCRAM_SALTED_PASSWORD; is the
  client application supposed to:

  1. Retrieve the property GSASL_SCRAM_ITER as a string
     holding a number of iterations, and convert it to an
     actual number "i".
  2. Retrieve the property GSASL_SCRAM_SALT as a string in
     base64 encoding, and decode it obtaining the vector of
     octets "salt".
  3. Take the password in clear and prepare it with
     SASLprep, obtaining the vector of octets "str".
  4. Compute the function Hi(str, salt, i) as explained in
     RFC 5802, obtaining a vector of octets.
  5. Convert the vector of octets from point 4 to a hex
     string (it must be of length 40).

  and the hex string is the value of the property
  GSASL_SCRAM_SALTED_PASSWORD?
* Given that to compute such property value I need the
  password in clear, in which scenario should a client
  application use GSASL_SCRAM_SALTED_PASSWORD rather than
  GSASL_PASSWORD?
* Being that, IIUC, GSASL already implements internally the
  transformation from clear password to value of
  GSASL_SCRAM_SALTED_PASSWORD, is it possible to just use
  GSASL to compute the value of the property?
TIA.
--
Marco Maggi
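
The five steps listed in the message, written out as an added Python example; it is not code from the post or from GSASL, and it does not call the GSASL API. The function names are hypothetical, the mechanism is assumed to be SCRAM-SHA-1, and the password is treated as a "stored string" as RFC 5802 requires for Normalize().

```python
import base64
import hashlib
import hmac
import stringprep
from unicodedata import ucd_3_2_0  # stringprep (RFC 3454) is defined on Unicode 3.2

# Prohibited-output tables named by RFC 4013 (SASLprep), section 2.3.
_PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22, stringprep.in_table_c3,
    stringprep.in_table_c4, stringprep.in_table_c5, stringprep.in_table_c6,
    stringprep.in_table_c7, stringprep.in_table_c8, stringprep.in_table_c9,
)

def saslprep(text: str) -> bytes:
    """Step 3: SASLprep for a stored string, returned as UTF-8 octets."""
    # Map: drop "commonly mapped to nothing" (B.1), non-ASCII spaces (C.1.2) -> SPACE.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in text if not stringprep.in_table_b1(c))
    out = ucd_3_2_0.normalize("NFKC", mapped)
    for c in out:
        # Unassigned code points (A.1) are prohibited in stored strings.
        if stringprep.in_table_a1(c) or any(t(c) for t in _PROHIBITED):
            raise ValueError(f"character U+{ord(c):04X} not allowed by SASLprep")
    # Bidirectional rule from RFC 3454 section 6.
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            raise ValueError("mixed RandALCat and LCat characters")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError("RandALCat string must start and end with RandALCat")
    return out.encode("utf-8")

def hi(key: bytes, salt: bytes, i: int) -> bytes:
    """Step 4: Hi(str, salt, i) from RFC 5802 section 2.2, with HMAC-SHA-1."""
    u = hmac.new(key, salt + b"\x00\x00\x00\x01", hashlib.sha1).digest()  # U1
    acc = int.from_bytes(u, "big")
    for _ in range(i - 1):
        u = hmac.new(key, u, hashlib.sha1).digest()   # Uk = HMAC(str, Uk-1)
        acc ^= int.from_bytes(u, "big")               # Hi = U1 XOR U2 XOR ... XOR Ui
    return acc.to_bytes(20, "big")

def salted_password_hex(password: str, salt_b64: str, iter_str: str) -> str:
    """Steps 1-5: strings as exchanged in SCRAM in, 40 hex digits out."""
    i = int(iter_str)                                  # step 1
    if i < 1:
        raise ValueError("iteration count must be positive")
    salt = base64.b64decode(salt_b64, validate=True)   # step 2
    return hi(saslprep(password), salt, i).hex()       # steps 3, 4 and 5

if __name__ == "__main__":
    # Sample input: password, salt and iteration count of the RFC 5802 section 5 example.
    print(salted_password_hex("pencil", "QSXCR+Q6sek8bf92", "4096"))
```

RFC 5802 notes that Hi() is essentially PBKDF2 with HMAC as the PRF and dkLen equal to the hash output length, so `hashlib.pbkdf2_hmac("sha1", str, salt, i, 20)` gives the same octets as `hi()`.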