[Dovecot] HMAC-MD5 / HMAC-MD5-context
Chris Laif
chris.laif at googlemail.com
Tue Aug 22 12:30:07 EEST 2006
$ dovecotpw -p testpass
{HMAC-MD5}fe8522268d91e485ccac8f36800e4fa6b10363e2a371cfa61731109b450906cd
I wonder if the prefix 'HMAC-MD5' is the correct notation here.
According to RFC2104 an HMAC is calculated as follows:
H(K XOR opad, H(K XOR ipad, text))
where H is the cryptographic hash function (MD5 in this case).
Therefore the result has to be a 128 bit string, which is obviously
not the case in the above shown example. In addition, the input value
'text' is missing if you only have a password K.
Maybe it would be better to use {HMAC-MD5-CONTEXT} or {HMAC-MD5-CTX} ?
Chris
More information about the dovecot
mailing list