Question regarding FTS-1027 section 1.7 "Example of Frame Exchange During CRAM Authentication"
In the example, the Originating side returns
M_PWD "CRAM-MD5-56be002162a4a15ba7a9064f0c93fd00"
This hex value appears to be incorrect. I tested with two
implementations of the CRAM-MD5 algorithm, and in both cases, the same
hex value was calculated using the password and challenge hex string
from the example, which differed from the value shown in the document.
Password: tanstaaftanstaaf
Challenge: f0315b074d728d483d6887d0182fc328
Expected: 56be002162a4a15ba7a9064f0c93fd00 <- From section 1.7 example
Result: 1503922bb6a38bc934bca7afeb522d28 <- From both MD5 algorithms
Which is correct - the value shown in section 1.7 or the test result value?
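One way to re-run the check described in the post above, as an added example that is not part of the original thread or of FTS-1027. It assumes CRAM-MD5 here means HMAC-MD5 keyed with the password over the challenge, and it tries the challenge both hex-decoded and as the literal ASCII string, since the post does not say which form was fed to the algorithm; all function names are hypothetical.

```python
import hashlib
import hmac

# Values quoted in the post above.
PASSWORD = b"tanstaaftanstaaf"
CHALLENGE_HEX = "f0315b074d728d483d6887d0182fc328"
CANDIDATES = {
    "section 1.7 example": "56be002162a4a15ba7a9064f0c93fd00",
    "poster's result": "1503922bb6a38bc934bca7afeb522d28",
}

def hmac_md5_manual(key: bytes, msg: bytes) -> str:
    """HMAC-MD5 written out per RFC 2104, independent of the hmac module."""
    block = 64                                  # MD5 block size in bytes
    if len(key) > block:
        key = hashlib.md5(key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + msg).digest()
    return hashlib.md5(opad + inner).hexdigest()

def cram_md5(password: bytes, challenge_hex: str, decode: bool = True) -> str:
    """Assumption: key = password, message = challenge (hex-decoded by default)."""
    msg = bytes.fromhex(challenge_hex) if decode else challenge_hex.encode("ascii")
    digest = hmac.new(password, msg, hashlib.md5).hexdigest()
    # Cross-check the library against the hand-written construction.
    if digest != hmac_md5_manual(password, msg):
        raise RuntimeError("HMAC-MD5 implementations disagree")
    return digest

def compare() -> dict:
    """Per challenge interpretation: (digest, label of the matching candidate or None)."""
    out = {}
    for name, decode in (("hex-decoded challenge", True), ("ASCII challenge", False)):
        digest = cram_md5(PASSWORD, CHALLENGE_HEX, decode)
        match = next((label for label, value in CANDIDATES.items()
                      if hmac.compare_digest(value, digest)), None)
        out[name] = (digest, match)
    return out

if __name__ == "__main__":
    for name, (digest, match) in compare().items():
        print(f"{name}: CRAM-MD5-{digest} -> {match or 'matches neither value'}")
```

If neither interpretation reproduces a candidate, the difference lies in how the inputs were encoded rather than in the MD5 code itself, which the cross-check against the RFC 2104 construction rules out.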
Question regarding FTS-1027 section 1.7 "Example of Frame Exchange During CRAM Authentication"
Password: tanstaaftanstaaf
Challenge: f0315b074d728d483d6887d0182fc328
Expected: 56be002162a4a15ba7a9064f0c93fd00 <- From section 1.7 example
Result: 1503922bb6a38bc934bca7afeb522d28 <- From both MD5 algorithms
Which is correct - the value shown in section 1.7 or the test result value?
Regarding FTS-1027 section 1.7, can the example be updated, or is it illustrative only? If I may make a suggestion, I would use a password
more in line with one assigned by an NC (such as "BOBBY123")
Hello Jason,
On Saturday April 27 2024 13:11, you wrote to deon:
Regarding FTS-1027 section 1.7, can the example be updated, or is it illustrative only? If I may make a suggestion, I would use a password more in line with one assigned by an NC (such as "BOBBY123")
"BOBBY123" is NOT a password I would use or a type of password that I would encourage other Fidonet colleagues to use. So I strongly advise against using it as an example in an FTSC documentation.
What would you propose as a more suitable and appropriate password for
the example? Or, continue to use the existing password, which is
stated in the first line of section 1.7 "(Password here is tanstaaftanstaaf)"?
"BOBBY123" is NOT a password I would use or a type of password that
I would encourage other Fidonet colleagues to use. So I strongly
advise against using it as an example in an FTSC documentation.
Why burn a "good password" in a standards document? It's common
practice to use bad passwords as example source material for hashes
and digests in standards.
>> "BOBBY123" is NOT a password I would use or a type of password that I
>> would encourage other Fidonet collegues to use. So I strongly advise
>> gainst using it as an example in an FTSC documentation.
What would you propose as a more suitable and appropriate password for the example? Or, continue to use the existing password, which is stated in the first line of section 1.7 "(Password here is tanstaaftanstaaf)"?
Thank you everyone for your time and consideration. Based on your feedback I would like to propose the following change to Section 1.7:
Replace "CRAM-MD5-56be002162a4a15ba7a9064f0c93fd00"
with "CRAM-MD5-1503922bb6a38bc934bca7afeb522d28"
> Why burn a "good password" in a standards document? It's common
> practice to use bad passwords as example source material for hashes and
> digests in standards
Agreed. A sample should be something like yourpassword
https://www.rfc-editor.org/rfc/rfc1321