qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aidan Skinner" <ai...@apache.org>
Subject Re: Random .Net question
Date Wed, 04 Jun 2008 14:21:15 GMT
On Wed, Jun 4, 2008 at 2:11 PM, Aidan Skinner <aidan@apache.org> wrote:

> The classes do when used directly, but not when called from the SASL
> CRAM-MD5 implementation. I've been digging through the OpenJDK source
> but haven't yet come up with a reason why. I suspect we're doing
> something broken somewhere in our implementation, possibly to do with
> collapsing or not collapsing keys > 64 bytes.

I tried the following bit of python as a tie breaker:

import hmac
password = chr(0x08)+chr(0x4e)+chr(0x03)+chr(0x43)+chr(0xa0)+chr(0x48)+chr(0x6f)+chr(0xf0)+chr(0x55)+chr(0x30)+chr(0xdf)+chr(0x6c)+chr(0x70)+chr(0x5c)+chr(0x8b)+chr(0xb4)
print password
challenge = "<-5343108610582030592.1212588708547@FOOCORP.COM>"
print hmac.HMAC(password, challenge).hexdigest()

And it produces the same answer as the .Net implementation, and
differs from the brokers implementation.

Joy to the world.

- Aidan
aim/y!:aidans42 g:aidan.skinner@gmail.com
"We belong to nobody and nobody belongs to us. We don't even belong to
each other."

View raw message