[Razor-users] Authentication in Core.pm

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

this is a somewhat technical question as to how Razor handles passwords=20
specified on the command line, e.g. "-pass=3Dsecret". In authenticate (in=
=20
Core.pm) it says:

     my ($iv1, $iv2) =3D xor_key($options->{pass});
     my ($my_digest) =3D hmac_sha1($resp{achal}, $iv1, $iv2);

     %qr =3D ( a =3D> 'auth', aresp =3D> $my_digest );
     $queries[0] =3D makesis(%qr);

I'm trying to do this in Java, but since I'm not a Perl programmer I don'=
t=20
quite understand the above code. I did find out that passwords sent to=20
(and generated by) Razor are 64 chars long, which I assume is some=20
encoding of a possibly shorter string, e.g. "secret". Is $options->{pass}=
=20
this shorter string, or is it already encoded? I think it's the shorter=20
string, because the encoding seems to happen by xor_key and hmac_sha1. Bu=
t=20
how, exactly (in natural language)? What is $resp{achal}?

Thanx for any help!

-J=F6rg

(Just to avoid a misunderstanding: I'm not implementing "JRazor" from=20
scratch, but using code from the Spamato project, www.spamato.net, which=20
however seems to lack this specific funcionality.)

--=20
J=F6rg Zieren           http://www.zieren.de            +49 170 7516134
For a list of common abbreviations, see http://www.zieren.de/abk.html
Please do not communicate my address to *any* website/service/company!