Re: A bug in rfc2104.el
Shuhei KOBAYASHI <shuhei@aqua.ocn.ne.jp> writes:
> It seems that the `hash' argument of `rfc2104-hash' is expected to be
> a hash function which returns a hash value in _hexadecimal_ form.
>
> But, in case of "(> (length key) block-length)", `rfc2104-hash' forgets
> to convert HASH(key) to binary form, and returns wrong HMAC value.
>
> p.s.
> Using hexadecimal form of HMAC-MD5 value is part of CRAM-MD5, not part
> of HMAC. (For example, SCRAM-MD5 uses binary form of HMAC-MD5 value.)
Yes. Hadn't realized that when I wrote the code.
As I don't have a server to test this against, and nnimap will
probably use Cyrus SASL for (S)CRAM-MD5 in a not-so-far-away future, I
don't think I'll be updating the rfc2104 library any more. I'm
accepting patches for it, of course.
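
The long-key case from the quoted report, as an added example (not part of the original messages and not code from rfc2104.el): a Python sketch of HMAC-MD5 built on a hash function that returns hexadecimal, compared with Python's own hmac module. The names md5_hex, hmac_md5 and decode_long_key and the sample inputs are constructed for this illustration.

```python
import hashlib
import hmac

BLOCK_LEN = 64  # MD5 block length in bytes


def md5_hex(data: bytes) -> bytes:
    """Hash in the style the report describes: returns the digest as hex."""
    return hashlib.md5(data).hexdigest().encode("ascii")


def hmac_md5(key: bytes, text: bytes, decode_long_key: bool = True) -> str:
    """HMAC-MD5 (RFC 2104) on top of a hex-returning hash; returns hex.

    decode_long_key=False reproduces the reported defect: a key longer than
    the block length is replaced by the 32-character hex string of MD5(key)
    instead of its 16 raw bytes.
    """
    if len(key) > BLOCK_LEN:
        key = md5_hex(key)
        if decode_long_key:
            key = bytes.fromhex(key.decode("ascii"))  # hex -> binary
    key = key.ljust(BLOCK_LEN, b"\x00")               # zero-pad to block length
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    # The inner digest must also be converted to binary before the outer hash.
    inner = bytes.fromhex(md5_hex(ipad + text).decode("ascii"))
    return md5_hex(opad + inner).decode("ascii")


def reference(key: bytes, text: bytes) -> str:
    """Known-good value from the standard library."""
    return hmac.new(key, text, hashlib.md5).hexdigest()


# Constructed sample inputs: one key below and one above the block length.
SHORT_KEY = b"Jefe"
LONG_KEY = b"\xaa" * 80
TEXT = b"what do ya want for nothing?"

if __name__ == "__main__":
    for name, key in (("short", SHORT_KEY), ("long", LONG_KEY)):
        for fixed in (True, False):
            ok = hmac_md5(key, TEXT, fixed) == reference(key, TEXT)
            print(f"{name} key, decode_long_key={fixed}: matches reference = {ok}")
```

Only the long key without the hex-to-binary step disagrees with the reference, which is why the defect stays hidden as long as keys fit within one block.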