Hello,
I'm trying to make an offline calculation of the Request-Digest for an
authentication session between a client and Squid using
digest_pw_auth to see if I can reconstruct the response to the challenge.
I'm using md5sum on Linux to make MD5 calculations.
My data are:
username: pippo
realm: Squid proxy-caching web server
password: pippo123
so A1 is (since qop is auth): pippo:Squid proxy-caching web server:pippo123
and H(A1) is: b1e17e676d8be24061f310c9b7cd4191
Request-line is: GET http://www.google.it/ HTTP/1.0
so digest-uri-value is: http://www.google.it/
and method is: GET
and, since qop is auth, A2 is: GET:http://www.google.it/
H(A2) results in: 6888e61e6a7d0bd3847a7984ee4e25d3
Given:
qop = auth
algorithm = MD5
nonce = UqYFQLhHPwq44o03
nc = 00000001
cnonce = 32af20280605c3e3a1156fb48bdaa699
I calculate the response as MD5 of:
b1e17e676d8be24061f310c9b7cd4191:UqYFQLhHPwq44o03:00000001:32af20280605c3e3a1156fb48bdaa699:auth:6888e61e6a7d0bd3847a7984ee4e25d3
getting 84464e30fc31eadd12380b322a5d3bbf
which is different from the response I see from ethereal sniff, that is
42c527687f4aa0dbe95af0e888e954f5
Am I making some mistake in building the hashes H(A1) and/or H(A2) or in
building the string for last computation?
Thanks in advance.
Regards,
Antonio Manfreda
----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: <antonio.manfreda@realemutua.it>
Cc: "Henrik Nordstrom" <hno@squid-cache.org>; <squid-users@squid-cache.org>
Sent: Wednesday, January 14, 2004 6:49 PM
Subject: Re: Rif: Re: [squid-users] Digest Authentication
> On Wed, 14 Jan 2004 antonio.manfreda@realemutua.it wrote:
>
> > Anyway, I still can't find any direct reference to HHA1 in RFC2617. What
> > does it correspond to?
>
> > > Search for H(A1) and you will find the correct references.
>
> Regards
> Henrik
>
Received on Wed Jan 14 2004 - 15:47:23 MST