client server authentication problem........

 
Greenhorn
Posts: 13
hello all..

I'm making a server-client authentication model; for this I'm using the MessageDigest class and its MD5 method.

With the help of this I am generating a random field called "key". This key is sent to the client, with the username called "vinay", and ServerName...

Sent field:-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
WWW-Authenticate:: ServerName="WORKGROUP", key="0c977ebb93725e437e7d75f8adc1dc", UserName="vinay", algorithm="MD5";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


The client should reply with the same key (same value), the ServerName and a predefined password (that the server provides); that password is encrypted in the response field by using the MD5 algorithm.

received field:-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Authorization:: response="6486aafa17e2ebe3546d84a4e83c767e", UserName="vinay", ServerName="WORKGROUP", key="0c977ebb93725e437e7d75f8adc1dc", algorithm="MD5"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

So in the received header we have a new response field, which is encrypted with the password.

So the problem is:
How can I get the password from the response field for authentication? That is, how can I decrypt that response field?
 
Marshal
Posts: 28193
You can't decrypt that "response" field to get the password. Normally what you would do would be to encrypt the password you have, and compare that to the response field.
 
Ranch Hand
Posts: 65
Well, let's be a little pedantic here - in the sample shown, there is no encrypting going on. MD5 is a digest algorithm, not a cipher. That means it's one-way only.

The idea here is to avoid sending the actual password over the air (which is considered rude in security circles). The digest is exchanged as a means for the "other side" to prove that they know the password, without needing the password itself.

In this specific case - the server, upon receiving the response and knowing what password the user has on the server(ew), generates the matching MD5 on its part and compares to what the user sent. If there is a match, the user must have entered the right password as part of building the response.

Does that help?
Grant
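
The check described in the two replies above, as an added Java example that is not part of the original thread: the server recomputes the digest from the password it holds and the key it issued, then compares it with the received response field. The thread does not say how the client combines the values, so the `UserName:ServerName:password:key` layout, the class and method names, and the sample key and password are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class DigestCheck {
    private static final Pattern FIELD = Pattern.compile("(\\w+)=\"([^\"]*)\"");

    // Pull the name="value" pairs out of a header line shaped like the one in the thread.
    static Map<String, String> parseFields(String header) {
        Map<String, String> fields = new HashMap<>();
        Matcher m = FIELD.matcher(header);
        while (m.find()) fields.put(m.group(1), m.group(2));
        return fields;
    }

    // ASSUMPTION: response = hex(MD5("UserName:ServerName:password:key")).
    // MD5 is used only because the thread's header names it; the flow is the same with SHA-256.
    static String digestHex(String user, String server, String password, String key) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest((user + ":" + server + ":" + password + ":" + key).getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Server side: never "decrypt" the response; rebuild it and compare.
    static boolean verify(String header, String issuedKey, String storedPassword) throws Exception {
        Map<String, String> f = parseFields(header);
        String response = f.get("response");
        // Reject a missing response or a key other than the one this server sent out.
        if (response == null || !issuedKey.equals(f.get("key"))) return false;
        String expected = digestHex(f.get("UserName"), f.get("ServerName"), storedPassword, issuedKey);
        // MessageDigest.isEqual compares in constant time, unlike String.equals.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                response.toLowerCase().getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        String key = "0123456789abcdef0123456789abcdef";   // constructed sample key
        String header = "Authorization:: response=\"" + digestHex("vinay", "WORKGROUP", "s3cret", key)
                + "\", UserName=\"vinay\", ServerName=\"WORKGROUP\", key=\"" + key + "\", algorithm=\"MD5\"";
        System.out.println("stored password matches: " + verify(header, key, "s3cret"));
        System.out.println("different stored password: " + verify(header, key, "other"));
        System.out.println("stale key: " + verify(header, "ffffffffffffffffffffffffffffffff", "s3cret"));
    }
}
```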
 