Re: [Phpgroupware-developers] md5 question

[Guillaume Courtois]

No because the syncml client makes a chain with

username:password:nonce

then

md5 = encode_md5(username:password:nonce)

then

chain = encode_base64(md5)

then sends it to the server.

My server can

chain = decode_base64(md5)

but not fields = decode_md5(chain), cause there is no decode_md5 function, it's 
a one-way coding, as I understand it.

But if md5(username).md5(password).md5(nonce) = md5(username.password.nonce), I 
can get md5(password) as I have all the other fields ...

I have not tested this yet ...

Alex Borges (lex) (address@hidden) wrote*:
>
>Well... you can allways receive this style syncml uses, decrypt it, take
>the password, md5 it and compare it against whats on the database based
>on login name....
>
>
>
>El vie, 08-11-2002 a las 08:46, Guillaume Courtois escribió:
>> Hello all,
>>
>> A little question for you : the API seems to support the MD5-coded password, 
>> but only the password. The problem is that a syncml client can send a 
>> MD5-coded string, but containing username:password:nonce.
>>
>> So, is there a way to have a function that authenticates a session using a 
>> single string, or is there a function that can give you the password of a 
>> user based on his username ?
>>
>> Thanks !
>>
>>
>>
>>
>> Phpgroupware-developers mailing list
>> address@hidden
>> http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
>>
>
>
>
>
>Phpgroupware-developers mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
>