[Dovecot] CRAM-MD5 Password Generation Algorithm
Bill Cole
dovecot-20061108 at billmail.scconsult.com
Sun Apr 13 08:39:44 EEST 2008
At 9:32 PM +0100 4/12/08, Douglas Willcocks imposed structure on a
stream of electrons, yielding:
[...]
>I've read through the document, and I now understand where exactly the
>precomputed context sits in the whole picture, but I'm still unsure how to
>reproduce it without dovecotpw.
In looking a little closer at RFC1321 that defines MD5, I think I see
the trick. The stored contexts are not full MD5's of Ki and Ko, they
are just the 16 bytes of state after hashing those single key blocks.
A full MD5 hash gets finalized by padding out the data with nulls and
a 64-bit count of the hashed data. If you were to do a normal MD5 of
Ki and Ko, the result would include the result of the finalization
step.
You can see this in the hmac_md5_get_cram_context and
hmac_md5_set_cram_context functions in the Dovecot code. The former
extracts just the 4 32-bit state values, and the latter sets them and
sets the bit count in the context structure to 512 (i.e. 64 bytes)
Maybe that provides a helpful clue...
--
Bill Cole
bill at scconsult.com
More information about the dovecot
mailing list