Not logged in. · Lost password · Register
Forum: MatriX RSS
Avatar
Yasu #1
Member since Sep 2011 · 22 posts
Group memberships: Members, Premium
Show profile · Link to this post
Subject: DIGEST-MD5 problem
I tried to connect to OpenFire by using your sample code:MiniClient and I changed to use BOSH. (MatriX 1.4.2 binary .NET version)
And I found a problem about DIGEST-MD5 authorization.

I used username,password,domain name like this.

username: 012345678910
password: word012345678910
Server :    abc.abdev1.xyz.tests.co.jp  (<- this is a local openfire server)

This long charactor setting causes error at DIGEST-MD5 authorization.
But using shorter username and password, it was successed.

I need to use such a long username,password,domain name for our products.
Can I solve this problem by changing MiniClient?
If this is library's problem, I hope this problem fixed soon.

[failed log]
SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" to="abc.abdev1.xyz.tests.co.jp" version="1.0" >
RECV: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="abc.abdev1.xyz.tests.co.jp" version="1.0" id="a55c5232" >
RECV: <stream:features xmlns:stream="http://etherx.jabber.org/streams">
  <mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
    <mechanism>DIGEST-MD5</mechanism>
    <mechanism>PLAIN</mechanism>
    <mechanism>ANONYMOUS</mechanism>
    <mechanism>CRAM-MD5</mechanism>
  </mechanisms>
  <compression xmlns="http://jabber.org/features/compress">
    <method>zlib</method>
  </compression>
  <bind xmlns="urn:ietf:params:xml:ns:xmpp-bind" />
  <session xmlns="urn:ietf:params:xml:ns:xmpp-session" />
</stream:features>
SEND: <auth mechanism="DIGEST-MD5" xmlns="urn:ietf:params:xml:ns:xmpp-sasl" />
RECV: <challenge xmlns="urn:ietf:params:xml:ns:xmpp-sasl">cmVhbG09ImFiYy5hYmRldjEueHl6LnRlc3RzLmNvLmpwIixub25jZT0ibG8reWNEeHp5OHdncTVTYVM0WkNlOW1WZ00xZzRoNDUvUmZ3R3VDMCIscW9wPSJhdXRoIixjaGFyc2V0PXV0Zi04LGFsZ29yaXRobT1tZDUtc2Vzcw==</challenge>
SEND: <response xmlns="urn:ietf:params:xml:ns:xmpp-sasl">dXNlcm5hbWU9IjAxMjM0NTY3ODkwIixyZWFsbT0iYWJjLmFiZGV2MS54eXoudGVzdHMuY28uanAiLG5vbmNlPSJsbyt5Y0R4enk4d2dxNVNhUzRaQ2U5bVZnTTFnNGg0NS9SZndHdUMwIixjbm9uY2U9IjYzMjEyMmNlMGZhODc3OTEwYjY1MzM5NjA5Yzc2ZmEwZGFhMzM4MzA5N2E0YWEzMjZiYmM0ZTYzMzNkZTViMzUiLG5jPTAwMDAwMDAxLHFvcD1hdXRoLGRpZ2VzdC11cmk9InhtcHAvYWJjLmFiZGV2MS54eXoudGVzdHMuY28uanAiLGNoYXJzZXQ9dXRmLTgscmVzcG9uc2U9YjBiNzYyYzU4MjY3YmUxZDdlOWZlNDMzNTBhZTMwM2I=</response>
RECV: <failure xmlns="urn:ietf:params:xml:ns:xmpp-sasl">
  <not-authorized />
</failure>

SEND: </stream:stream>
RECV: </stream:stream>
Avatar
Alex #2
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
I see no reason why Digest MD5 should fail with long usernames, password or domains. We have many customers using much longer usernames. Have you tried an existing client like Psi?
Anyway, Digest MD5 is deprecated and broken in the design and not recommended to use anymore.

Alex
Avatar
Yasu #3
Member since Sep 2011 · 22 posts
Group memberships: Members, Premium
Show profile · Link to this post
My expression was wrong.

MatriX generates wrong result of encryption at sasl authorization(choose digest-md5 for auth),
when using long string name and password,domain.( when these all three parameters are long string, this happens.)

I tried existing client Sparks,and existing library Smack and strophe.js, but they have no problem.
only MatriX causes this problem, so I think this is something bug of MatriX.

[this is server side log : openfire]
javax.security.sasl.SaslException: DIGEST-MD5: digest response format violation. Mismatched response.
    at com.sun.security.sasl.digest.DigestMD5Server.validateClientResponse(Unknown Source)
    at com.sun.security.sasl.digest.DigestMD5Server.evaluateResponse(Unknown Source)
    at org.jivesoftware.openfire.net.SASLAuthentication.handle(SASLAuthentication.java:296)
    at org.jivesoftware.openfire.SessionPacketRouter.route(SessionPacketRouter.java:58)
    at org.jivesoftware.openfire.http.HttpSession.sendPendingPackets(HttpSession.java:619)
    at org.jivesoftware.openfire.http.HttpSessionManager$HttpPacketSender.run(HttpSessionManager.java:377)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
This post was edited on 2011-09-16, 03:56 by Yasu.
Avatar
Alex #4
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
please post a username and password combination which fails for you with exact these exception in Openfire.

Alex
Avatar
Yasu #5
Member since Sep 2011 · 22 posts
Group memberships: Members, Premium
Show profile · Link to this post
This is failed combination.

username: 012345678910
password: pass012345678910
domain :    abc.abdev1.xyz.tests.co.jp      (<- this is a local openfire server)
Avatar
Alex #6
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
I will debug this and come back to you then.

Alex
Avatar
Alex #7
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
Ok I can confirm that there is a problem. I while ago I have added a Managed MD5 class for Silverlight and Windows Phone, because there is no MD5 available in the Framework. For longer strings, or depending on the input this hashing class seems create wrong hashes. I am working on a solution and will post the results then.

Alex
Avatar
Alex #8
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
problem is fixed. There is a bug in Microsofts managed MD5 Hash class.
see. http://archive.msdn.microsoft.com/SilverlightMD5

I am uploading a new binary 1.4.3.0 in the next minutes.

Alex
Avatar
Yasu #9
Member since Sep 2011 · 22 posts
Group memberships: Members, Premium
Show profile · Link to this post
I tried 1.4.3.0 , It works fine!!

Thanks for your help.
Avatar
ghostknight #10
Member since Oct 2013 · 17 posts
Group memberships: Members
Show profile · Link to this post
The problem is still actual in 1.5.2 in Compact Framework.
Login longer than 56 symbols causes problem with MD5 hash generation.
Login\password that produces error are:
login: available11-4e415559_4546_484e_1220_2012060300000a95-emergency
password:4e415559_4546_484e_1220_2012060300000a95

Please, advise.
Avatar
Alex #11
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
the buggy MD5 Hash implementation was fixed with release 1.4.2.0. Also in the Compact version.
You can test yourself if the MD-5 Hashing in the CF version produces valid output.

Util.Hash.Md5HashBytes is public, so just test it with some long strings.

In the SASL Digest-MD5 mechanism its hashing more than the password during authentication. It builds strings which includes also username, realm. nonce, cnonce etc... So the string which gets hashed is much longer than your password only.

Are you sure that the problem relies in MatriX and not on your server?

Alex
Avatar
ghostknight #12
Member since Oct 2013 · 17 posts
Group memberships: Members
Show profile · Link to this post
Alex,

For the moment I'm unsure, that it's Matrix fault. At least I've found a bug on the server in manageing password (have reported it to developers). Thank you for support!
Avatar
Alex #13
Member since Feb 2003 · 4327 posts · Location: Germany
Group memberships: Administrators, Members
Show profile · Link to this post
ok, let me know when you have info, then I can take a look at the codes again.

Alex
Close Smaller – Larger + Reply to this post:
Verification code: VeriCode Please enter the word from the image into the text field below. (Type the letters only, lower case is okay.)
Smileys: :-) ;-) :-D :-p :blush: :cool: :rolleyes: :huh: :-/ <_< :-( :'( :#: :scared: 8-( :nuts: :-O
Special characters:
Forum: MatriX RSS