RFC Errata


RFC 6287, "OCRA: OATH Challenge-Response Algorithm", June 2011

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

Errata ID: 3900
Status: Held for Document Update
Type: Editorial

Reported By: Marcus Bring
Date Reported: 2014-02-24
Held for Document Update by: Stephen Farrell
Date Held: 2014-07-03

Section Appendix A. says:

* @param password     a password that can be used, HEX encoded
.
.
.
// Put the bytes of "password" to the message
// Input is HEX encoded

It should say:

* @param password     a password that can be used, hashed with the 
* SHA-version declared in OCRA-suite and HEX encoded.
.
.
.
// Put the bytes of "password" to the message
// Input is SHA hashed and HEX encoded

Notes:

The password should be hashed as stated in the RFC and as it is done in the testOCRA class.

This should also eliminate the need to pad the password with zeros since the hash is always of the correct length.

// Password - sha1
if (DataInput.toLowerCase().indexOf("psha1") > 1) {
    passwordLength = 20;
}

// Password - sha256
if (DataInput.toLowerCase().indexOf("psha256") > 1) {
    passwordLength = 32;
}

// Password - sha512
if (DataInput.toLowerCase().indexOf("psha512") > 1) {
    passwordLength = 64;
}
