From: <jz...@us...> - 2006-03-26 17:23:04
|
Hi, this is a somewhat technical question as to how Razor handles passwords=20 specified on the command line, e.g. "-pass=3Dsecret". In authenticate (in= =20 Core.pm) it says: my ($iv1, $iv2) =3D xor_key($options->{pass}); my ($my_digest) =3D hmac_sha1($resp{achal}, $iv1, $iv2); %qr =3D ( a =3D> 'auth', aresp =3D> $my_digest ); $queries[0] =3D makesis(%qr); I'm trying to do this in Java, but since I'm not a Perl programmer I don'= t=20 quite understand the above code. I did find out that passwords sent to=20 (and generated by) Razor are 64 chars long, which I assume is some=20 encoding of a possibly shorter string, e.g. "secret". Is $options->{pass}= =20 this shorter string, or is it already encoded? I think it's the shorter=20 string, because the encoding seems to happen by xor_key and hmac_sha1. Bu= t=20 how, exactly (in natural language)? What is $resp{achal}? Thanx for any help! -J=F6rg (Just to avoid a misunderstanding: I'm not implementing "JRazor" from=20 scratch, but using code from the Spamato project, www.spamato.net, which=20 however seems to lack this specific funcionality.) --=20 J=F6rg Zieren http://www.zieren.de +49 170 7516134 For a list of common abbreviations, see http://www.zieren.de/abk.html Please do not communicate my address to *any* website/service/company! |