World: r3wp
[MySQL]
| older newer | first last |
| Pekr 9-Jan-2006 [330] | and thanks a lot .... |
| Volker 9-Jan-2006 [331] | Ok, cu, good luck :) |
| Pekr 9-Jan-2006 [332x11] |
I have got the rest of the string which is currently ignored by handshake
process:
{^Z^B^@^@^@^@^@^@^@^@^@^@^@^@^@^@I5oNx34IQ>~#^@}
|
so, I now got to state, where I have crypt-seed2 variable, holding the rest of the salt, I tried to join it to crypt-seed and got following reply: User error: ERROR 1045 : access denied for user ['root'-:-'localhost'] (using password: yes) | |
anyway - I regard handshake fixed at least to state, where you can obtain full protocol info, according to specs. Of course the handshake may be more complicated, but we don't care now, right? ;-) | |
Volker - what do you think Doc does in client-param after the handshake? It seems to me he is preparing for the answer, but long-password was strangerly set to 0 by the server ... | |
I implemented scramble-long function as follows:
scramble-long: func [pass port][
hash-stage1: checksum/method port/locals/long-seed 'sha1
hash-stage2: checksum/method hash-stage1 'sha1
to-string xor hash-stage1 (checksum/method/key port/locals/long-seed
'sha1 hash-stage2)
]
| |
I simply don't know how to rewrite in rebol using 'checksum following line: reply=xor(hash_stage1, sha1(public_seed, hash_stage2)) | |
uh, there is a bug on first line of my func above - hash-stage1: checksum/method pass 'sha1 .... but it does not work anyway ... | |
the C equivalent is in 'scramble(), posted on rebol.cz link earlier .... | |
if you look into scrambel(), they use sha1_reset, input, result function calls, which is imo equivalent of rebol using ports - opening, inserting, copying the result ... all this is also equivalent to checksum/secure "my-string" .... but, in one place, they call sha1_input two times, and I dunno what it does mean ... | |
I have rather bad feeling, that those two consecutive sha1_input calls will be show stopper for checksum to be used .... | |
I found sha1.c funcs in mySQL distro, I will post it in two hours to ftp, as I don't have account access here ... | |
| Will 9-Jan-2006 [343] | just to let you know, Doc is looking into mysql 5 issues 8) |
| Pekr 9-Jan-2006 [344x4] | ah, so ... I am so near :-) |
I fixed the protocol .... just latest bit is needed :-) | |
if you have contact to Doc, you can let him know that I can give him some pointers ... well, you can point his to this group discussion .... | |
(it is available also via web, in the case he does not have altme anymore) | |
| Dockimbel 9-Jan-2006 [348] | Hi, you did well by making this group web visible, I have no more time to chat on AltMe only checking sometime the web export of AltMe channels. |
| Pekr 9-Jan-2006 [349] | hi Doc! |
| Dockimbel 9-Jan-2006 [350] | I have a couple of hours to hack someething for MySQL v5 support. |
| Pekr 9-Jan-2006 [351x2] | I just felt ppl feel frustrated about not being able to connect ... |
can I sum for you? | |
| Dockimbel 9-Jan-2006 [353x2] | I'll try to reuse your code for scrambling, it will save me time looking in the sources of MySQL server. |
Yes, please :-). | |
| Pekr 9-Jan-2006 [355] | OK, so first - handshake is not complete parsing full headers ... |
| Dockimbel 9-Jan-2006 [356] | I'm currently adding code to process the remaing headers. I'm retrieving the second part of the seed. |
| Pekr 9-Jan-2006 [357] | I added read-byte (charset), read-int (server-status), 13 skip (not-used), read-string (the rest of seed) |
| Dockimbel 9-Jan-2006 [358] | We agree ;) |
| Pekr 9-Jan-2006 [359] | so I extended also locals-class by those variables ... |
| Dockimbel 9-Jan-2006 [360x2] | ok |
I'll do the same | |
| Pekr 9-Jan-2006 [362x11] | next things, which can/or does not need to be solved is read-packet port following send-packed after handshake - IF the server is new one, but it does not use new passwords, it will reply with Oxfe |
but - maybe we don't need to care to do it so automatically..... | |
ppl will be happy to connect to new versions .... | |
we also found out, that new shceme uses sha1 .... which is ok with checksum/secure ... | |
however: if you look into scramble(), they use sha1_reset, input, result function calls, which is imo equivalent of rebol using ports - opening, inserting, copying the result ... all this is also equivalent to checksum/secure "my-string" .... but, in one place, they call sha1_input two times, and I dunno what it does mean ... | |
scheme used between client, server:
The new authentication is performed in following manner:
SERVER: public_seed=create_random_string()
send(public_seed)
CLIENT: recv(public_seed)
hash_stage1=sha1("password")
hash_stage2=sha1(hash_stage1)
reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
// this three steps are done in scramble()
send(reply)
SERVER: recv(reply)
hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
candidate_hash2=sha1(hash_stage1)
check(candidate_hash2==hash_stage2)
// this three steps are done in check_scramble()
| |
http://www.redferni.uklinux.net/mysql/MySQL-Protocol.html | |
http://dev.mysql.com/doc/refman/5.0/en/password-hashing.html | |
Now - sorry if I am breaking some licenses, but I will post some stuff to my website, and remove it once we are finished: http://www.rebol.cz/mysql/mysql-protocol.r http://www.rebol.cz/mysql/password.c | |
above some usefull links collected ... | |
btw- where do crypt-v10, hash-v10 and 9 come from? | |
| Dockimbel 9-Jan-2006 [373] | MySQL client sources |
| Pekr 9-Jan-2006 [374x2] | Did you implement your scrambler according some earlier mysql sources? |
I wonder if they will be needed ... | |
| Dockimbel 9-Jan-2006 [376x2] | from 3.x versions |
I'll keep them for ppl still using 3.x server versions | |
| Pekr 9-Jan-2006 [378x2] | rebol now has checksum/secure .... |
ok .... | |
| older newer | first last |