Error in specification re: DBUS_COOKIE_SHA1

Kristoffer Lundén kristoffer.lunden at gmail.com
Sun Mar 4 13:40:18 PST 2007


Or, if not an error, very unclear text. The specification says:

> The client locates the cookie, and generates its own hex-encoded randomly-generated
> challenge string. The client then concatenates the server's hex-encoded challenge, a ":"
> character, its own hex-encoded challenge, another ":" character, and the hex-encoded
> cookie. It computes the SHA-1 hash of this composite string. It sends back to the server
> the client's hex-encoded challenge string, a space character, and the SHA-1 hash.

What the server really expects is this:

The *decoded* challenges concatenated with ":" and the cookie,
hex-digested with SHA1 and this digest in turn hex-encoded once again.

I suggest a document update along these lines:

<snip>
The client locates the cookie, and generates its own
randomly-generated challenge string. The client then concatenates the
server's decoded challenge, a ":" character, its own challenge,
another ":" character, and the cookie. It computes the SHA-1 hash of
this composite string as a hex digest. It concatenates the client's
challenge string, a space character, and the SHA-1 hex digest,
hex-encodes the result and sends it back to the server.
</snip>

There's more small things that are unclear, such as the fact that
spaces in DATA blocks also are encoded to '20', which is logical but
isn't clear from the spec.

Hope this is the right forum for bringing these things up. While there
exists a "one, true spec" in the form of the source code, it means a
lot of tedious digging for someone like me. :)

-- Kristoffer


-- 
Kristoffer Lundén
✉ kristoffer.lunden at gmail.comkristoffer.lunden at gamemaker.nu
http://www.gamemaker.nu/
☎ 0704 48 98 77


More information about the dbus mailing list