Reputation: 86
How do I generate the response field in the client response for a DIGEST-MD5 challenge? I am currently using RFC 2831 for reference.
The challenge from the server as per the RFC 2831 example is:
realm="elwood.innosoft.com",nonce="OA6MG9tEQGm2hh",qop="auth",
algorithm=md5-sess,charset=utf-8
The response from the client as per the RFC 2831 example is:
charset=utf-8,username="chris",realm="elwood.innosoft.com",
nonce="OA6MG9tEQGm2hh",nc=00000001,cnonce="OA6MHXh6VqTrRk",
digest-uri="imap/elwood.innosoft.com",
response=d388dad90d4bbd760a152321f2143af7,qop=auth
collected details are:
The response I'm generating doesn't comply with the one in the RFC 2831 example on page 19.
Formulations in RFC 2831:
Let H(s) be the 16 octet MD5 hash [RFC 1321] of the octet string s.
Let KD(k, s) be H({k, ":", s}), i.e., the 16 octet hash of the string k, a colon and the string s.
Let HEX(n) be the representation of the 16 octet MD5 hash n as a string of 32 hex digits (with alphabetic characters always in lower case, since MD5 is case sensitive).
Currently I am using the following procedure:
A1 = { H(chris:elwood.innosoft.com:secret), ":", nonce-value, ":", cnonce-value }
A1 = {eb5a750053e4d2c34aa84bbc9b0b6ee7:OA6MG9tEQGm2hh:OA6MHXh6VqTrRk}
A2 = { "AUTHENTICATE:", digest-uri-value }
A2 = {AUTHENTICATE:imap/elwood.innosoft.com}
H(A1) = 54442ff1f394d9d0de1205cef4d9cebe
HEX(H(A1)) = 54442ff1f394d9d0de1205cef4d9cebe
HEX(H(A2)) = 15e3594677e51ade69715d1cb7d207ba
RESPONSE=HEX( KD ( HEX(H(A1)), { nonce-value, ":" nc-value, ":", cnonce-value, ":", qop-value, ":", HEX(H(A2)) }))
RESPONSE=HEX( KD ( 54442ff1f394d9d0de1205cef4d9cebe:OA6MG9tEQGm2hh:00000001:OA6MHXh6VqTrRk:auth:15e3594677e51ade69715d1cb7d207ba))
The response as per the above procedure is:
but the response value as per the RFC is:
Thus the response generated above is different from the one in the RFC's example.
What changes need to be carried out?
Upvotes: 2
Views: 3308
Reputation: 1
You have calculated response correctly and example in RFC2831 is not consistent.
Upvotes: -3
Reputation: 902
Sorry, the RFC documentation is right; you just miscalculated the hash of A1.
That is because you converted the hash value of "H(chris:elwood.innosoft.com:secret)" to a hex string, but the RFC just says "Let H(s) be the 16 octet MD5 hash".
Just don't convert the hash result to a hex string; concatenate with the byte array hash result instead.
I hope this code helps to explain.
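// Md5Hash is assumed to be a helper that returns the raw 16-byte MD5 digest as byte[].
// Requires: using System.Linq; using System.Text;
// The raw digest bytes are concatenated directly with the ASCII bytes of ":nonce:cnonce[:authzid]".
A1 = Md5Hash(Encoding.ASCII.GetBytes(username + ":" + realm + ":" + password))
    .Concat(
        Encoding.ASCII.GetBytes(
            ":" + nonce
            + ":" + cnonce
            + (authzid == null ? "" : (":" + authzid))))
    .ToArray();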
Upvotes: 2
Reputation: 21
A1 calculation is wrong. The MD5 digest over chris:elwood.innosoft.com:secret in your case is 32-octet hexadecimal, 2 octets per original byte. In the RFC calculation it is 16-octet, 1 octet = 1 byte.
Upvotes: 0
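The point made in the last two answers, as an added Python example (not code from any of the posts): it computes the qop=auth response with the RFC 2831 formulas for the example values quoted in the question, keeping H(username:realm:password) as 16 raw octets inside A1. The function name `digest_md5_response` and the `hex_inner_hash` switch, which reproduces the question's hex-string mistake for comparison, are illustrative names chosen here.

```python
import hashlib


def H(data: bytes) -> bytes:
    """Raw 16-octet MD5 digest, as RFC 2831 defines H(s)."""
    return hashlib.md5(data).digest()


def HEX(digest: bytes) -> str:
    """32 lower-case hex digits for a 16-octet digest."""
    return digest.hex()


def KD(k: str, s: str) -> bytes:
    """KD(k, s) = H({k, ":", s})."""
    return H(f"{k}:{s}".encode("utf-8"))


def digest_md5_response(username, realm, password, nonce, cnonce, nc,
                        digest_uri, qop="auth", authzid=None,
                        hex_inner_hash=False):
    """Client 'response' value for qop=auth (illustrative helper)."""
    inner = H(f"{username}:{realm}:{password}".encode("utf-8"))
    if hex_inner_hash:
        # The question's mistake: 32 hex characters instead of 16 raw octets.
        inner = HEX(inner).encode("ascii")
    a1 = inner + f":{nonce}:{cnonce}".encode("utf-8")
    if authzid is not None:
        a1 += b":" + authzid.encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")  # A2 form for qop=auth
    tail = f"{nonce}:{nc}:{cnonce}:{qop}:{HEX(H(a2))}"
    return HEX(KD(HEX(H(a1)), tail))


# Values from the RFC 2831 example as quoted in the question.
RFC_EXAMPLE = dict(
    username="chris", realm="elwood.innosoft.com", password="secret",
    nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk", nc="00000001",
    digest_uri="imap/elwood.innosoft.com",
)

if __name__ == "__main__":
    print("raw inner hash:", digest_md5_response(**RFC_EXAMPLE))
    print("hex inner hash:", digest_md5_response(**RFC_EXAMPLE, hex_inner_hash=True))
```

RFC 6331 moved DIGEST-MD5 to Historic, so treat this as interoperability code for existing servers rather than a mechanism to choose for new deployments.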