[rfc-i] Errata (2069)
Frank Ellermann
nobody at xyzzy.claranet.de
Sat Apr 2 15:42:07 PST 2005
Hi, I've submitted an error for RfC 2069 some weeks ago.
It's of course possible that it's only an error on my side,
but what's the normal procedure for submitted RfC errors ?
Bye, Frank
JFTR the original report (one typo "respose" fixed):
Message-ID: <42215577.18A6 at xyzzy.claranet.de>
Date: Sun, 27 Feb 2005 06:07:04 +0100
From: Frank Ellermann <nobody at xyzzy.claranet.de>
To: rfc-editor at rfc-editor.org
Subject: RfC 2069 errata
RfC 2069 (digest access authentication) chapter 2.4 is an example,
the userame is "Mufasa", the password is "CircleOfLife":
| username="Mufasa",
| realm="testrealm at host.com",
| nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
| uri="/dir/index.html",
| response="e966c932a9242554e42c8ee200cec7f6",
| opaque="5ccc069c403ebaf9f0171e9517f40e41"
The "response" is MD5( MD5( A1 ) || ':' || nonce || ':' || MD5( A2 ))
MD5( A1 ) = MD5( username || ':' || realm || ':' || password )
= MD5( "Mufasa:testrealm at host.com:CircleOfLife" )
= "4945ecf42b1bb868634058a845bedde8"
MD5( A2 ) = MD5( Method || ':' || digest-uri-value )
= MD5( "GET:/dir/index.html" )
= "39aff3a2bab6126f332b942af96d3366"
This results in a response = "1949323746fe6a43ef61f9606e7febea"
instead of the shown value = "e966c932a9242554e42c8ee200cec7f6".
Quick reality check, the RfC 2617 example uses the same values
username = "Mufasa"
nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
realm = "testrealm at host.com"
A2 = "GET:/dir/index.html"
with a slightly different
password = "Circle Of Life"
resulting in MD5( A1 ) = "939e7578ed9e3c518a452acee763bce9"
The "respose" is MD5( MD5( A1 ) || ':' || X || ':' || MD5( A2 ))
for X = "dcd98b7102dd2f0e8b11d0f600bfb0c093:00000001:0a4f113b:auth"
and here the response = "6629fae49393a05397450978507c4ef1" works as
expected.
I've tried to contact two of the RfC 2069 authors about this issue,
but got no reply.
Regards, F.Ellermann
More information about the rfc-interest
mailing list