Re: [bme-develop] MD5?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello,

> Hi Daniel,
> 
> copied the code here, could you tell me if I'm understanding it 
> correctly?
> 
> char hash[strlen(chr_hash)+1];
> strcpy(hash,chr_hash);
> 
> hash is the string encoded? why length + 1?
hash is the string the Msn Notification server sent as a challenge. To 
respond you have to use this string and concatenate to it a particular 
ID code as describe on http://www.hypothetic.org/docs/msn/notification/pings_challenges.php

length + 1, that is the way to copy C strings, you get the length of 
the string plus 1 to hold the NULL termination byte ( '\0' ).

> 
> int digestLen = 0;
> uchar digest[32];
> 
> digest contains the encoded string?
Yes, this will hold the end result, the MD5 digest.

> 
> Common::check_crypt_error(cryptContext,cryptCreateContext(&
> cryptContext, 
> CRYPT_UNUSED, CRYPT_ALGO_MD5),"ERROR while creating MD5 context");
> 
> make a MD5 encoding cryptlib context?
Correct.

> 
> 
> Common::check_crypt_error(cryptContext,cryptEncrypt(cryptContext,hash,s
trlen(hash)),"ERROR 
> Setting MD5 Hash");
> 
> one part of the concatenated string?
Right.

> 
> 
> Common::check_crypt_error(cryptContext,cryptEncrypt(cryptContext,pass,s
trlen(pass)),"ERROR 
> Setting MD5 Password");
> 
> second part?
Right.

> 
> 
> Common::check_crypt_error(cryptContext,cryptEncrypt(cryptContext,hash,0
),"ERROR 
> hashing");
> 
> encrypt it? where's pass?
This last call is use to tell cryptlib there is no more data to be 
appended, note the 0 as length. After this call you can not append more 
data to the context. This call finalizes the process and you can now 
retrieve the message digest from the context as you see below

> 
> 
> Common::check_crypt_error(cryptContext,cryptGetAttributeString(cryptCon
text, 
> CRYPT_CTXINFO_HASHVALUE, digest, &digestLen),"ERROR getting hash");
> 
> get the encrypted string and move it into digest?
That's right

> 
> 
> Common::check_crypt_error(cryptContext,cryptDestroyContext(cryptContext
), 
> "ERROR while destroying");
> 
> destroy context: clean up?
Yes

> 
> hex(digest,hex_str);
> return hex_str;
> 
> convert digest into hexidecimal?
Yes

> 
> Now for email I have to encode the following(also see 
> http://www.hypothetic.org/docs/msn/notification/messages.php):
> 
> "creds - is the MD5 hexadecimal digest of the concatenated strings 
> MSPAuth + 
> sl + password. MD5 is discussed on the pings/challenges page."
> 
> so could the code look like this:
> 
> Common::check_crypt_error(cryptContext,cryptCreateContext(&
> cryptContext, 
> CRYPT_UNUSED, CRYPT_ALGO_MD5),"ERROR while creating MD5 context");
> 
> 	
> Common::check_crypt_error(cryptContext,cryptEncrypt(cryptContext,MSPAut
h,strlen(MSPAuth)),"ERROR 
> Setting MD5 Hash");
> 
> 	
> Common::check_crypt_error(cryptContext,cryptEncrypt(cryptContext,sl,str
len(sl)),"ERROR 
> Setting MD5 Password");
> 	
> Common::check_crypt_error(cryptContext,cryptEncrypt(cryptContext,passwo
rd,strlen(password)),"ERROR 
> Setting MD5 Password");
> 
> 	
> Common::check_crypt_error(cryptContext,cryptEncrypt(cryptContext,hash,0
),"ERROR 
> hashing");
> 
>         uhm???
Yes. You have to know that the context variable has to be static. 
Otherwise you will get segment violations from cryptlib. You might be 
able to use the same function without modification.

	messageDigest(MSPAuth,BString(sl).Append(password).String());    // 
????

But that would mean to have the code in the same class. Would it help 
if we move this function to common.cpp? What would work better?

> 
> 
> Common::check_crypt_error(cryptContext,cryptGetAttributeString(cryptCon
text, 
> CRYPT_CTXINFO_HASHVALUE, digest, &digestLen),"ERROR getting hash");
> 
> 
> Common::check_crypt_error(cryptContext,cryptDestroyContext(cryptContext
), 
> "ERROR while destroying");
> 
> hex(digest,hex_str);
> 
> ????
Yes.

> 
> hope you can help, after that I have to search for a javascript 
> complient 
> browser that also can be started from Bme....If I'm not mistaken the 
> Dano 
> net+ is the browser I'm searching, as Mozilla(FireFox) doesn't work 
> in that 
> way yet!
Don't know much about the browsers, hope you can find one that works. I 
would be great if we could use FireFox, isn't there a way to 
communicate with it? Probably not.
> 
> regards,
> 
> Tim
> 