World: r3wp
[MySQL]
| older newer | first last |
| Pekr 9-Jan-2006 [367x6] | scheme used between client, server:
The new authentication is performed in following manner:
SERVER: public_seed=create_random_string()
send(public_seed)
CLIENT: recv(public_seed)
hash_stage1=sha1("password")
hash_stage2=sha1(hash_stage1)
reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
// this three steps are done in scramble()
send(reply)
SERVER: recv(reply)
hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
candidate_hash2=sha1(hash_stage1)
check(candidate_hash2==hash_stage2)
// this three steps are done in check_scramble()
|
http://www.redferni.uklinux.net/mysql/MySQL-Protocol.html | |
http://dev.mysql.com/doc/refman/5.0/en/password-hashing.html | |
Now - sorry if I am breaking some licenses, but I will post some stuff to my website, and remove it once we are finished: http://www.rebol.cz/mysql/mysql-protocol.r http://www.rebol.cz/mysql/password.c | |
above some usefull links collected ... | |
btw- where do crypt-v10, hash-v10 and 9 come from? | |
| Dockimbel 9-Jan-2006 [373] | MySQL client sources |
| Pekr 9-Jan-2006 [374x2] | Did you implement your scrambler according some earlier mysql sources? |
I wonder if they will be needed ... | |
| Dockimbel 9-Jan-2006 [376x2] | from 3.x versions |
I'll keep them for ppl still using 3.x server versions | |
| Pekr 9-Jan-2006 [378x2] | rebol now has checksum/secure .... |
ok .... | |
| Dockimbel 9-Jan-2006 [380] | Is 'sha1 encoding available in free REBOL cores ? |
| Pekr 9-Jan-2006 [381x7] | the strange things is, there is long-password flag, but server somehow does not report it during negotiation ... |
yes, in cores - try help checksum ... wait a bit ... | |
>> help checksum
USAGE:
CHECKSUM data /tcp /secure /hash size /method word /key key-value
DESCRIPTION:
Returns a CRC or other type of checksum.
CHECKSUM is a native value.
ARGUMENTS:
data -- Data to checksum (Type: any-string)
REFINEMENTS:
/tcp -- Returns an Internet TCP 16-bit checksum.
/secure -- Returns a cryptographically secure checksum.
/hash -- Returns a hash value
size -- Size of the hash table (Type: integer)
/method -- Method to use
word -- Method: SHA1 MD5 (Type: word)
/key -- Returns keyed HMAC value
key-value -- Key to use (Type: any-string)
| |
so basically checksum/secure checksum/secure "mypass" gives exactly the same result as in mysql doc page posted above..... | |
however, the trouble imo comes from sha1(public-seed, hash_stage2) ... it calls two times sha1_input, without reading out the result first ... I am afraid that maybe we will have to reimplement all hashing functions in rebol now? | |
btw - I put following code into handshake: read-string (pl/long-seed: join sys-copy pl/crypt-seed string) to end simply to not affect old functionality ... | |
well, and that's all I was capable of so far :-) | |
| Dockimbel 9-Jan-2006 [388] | Ok, thanks for all the info. I'm working on it... |
| Pekr 9-Jan-2006 [389] | cool! ppl will surely appreciate it - rebol without free mySQL scheme is kind of show stopper for some of them :-) |
| Volker 9-Jan-2006 [390] | sha_input: http://www.distlab.dk/mysql-4.1/html/mysys_2sha1_8c-source.html#l00179 Seems the two inputs are like a join. Usefull this way if one hashes files withput loading everything in memory. |
| Pekr 9-Jan-2006 [391] | join? |
| Volker 9-Jan-2006 [392x2] | Accepts an array of octets as the next portion of the message. |
if you do two such inputs, it should be like checksum/secure join part1 part2 | |
| Pekr 9-Jan-2006 [394x3] | scramble-long: func [pass port][
hash-stage1: checksum/secure pass
hash-stage2: checksum/secure hash-stage1
to-string xor hash-stage1 (checksum/secure port/locals/long-seed
hash-stage2) ;.--- what to do here?
]
|
aha ... | |
bad handshake :-) | |
| Volker 9-Jan-2006 [397x2] | grrr :) |
Is the above your code? (checksum/secure port/locals/long-seed hash-stage2) -> ( (checksum/secure port/locals/long-seed) (hash-stage2) ) did you forget a join or something? | |
| Pekr 9-Jan-2006 [399] | huh, connected? :-) |
| Volker 9-Jan-2006 [400] | really? :) |
| Pekr 9-Jan-2006 [401x3] | yes! |
yes yes yes yes!!!!!! | |
Volker is GURU! | |
| Volker 9-Jan-2006 [404] | Hey, congrats! So much to rebol-community ;) |
| Pekr 9-Jan-2006 [405] | scramble-long: func [pass port][
hash-stage1: checksum/secure pass
hash-stage2: checksum/secure hash-stage1
to-string xor hash-stage1 (checksum/secure join port/locals/long-seed
hash-stage2)
]
|
| Volker 9-Jan-2006 [406] | And you are a master librarian :) |
| Anton 9-Jan-2006 [407x3] | Well, I just logged in at the right moment... :) |
Congrats. | |
Now to sleep... | |
| Volker 9-Jan-2006 [410] | Goodnight Anton. |
| Pekr 9-Jan-2006 [411] | ufff ... :-) |
| Volker 9-Jan-2006 [412] | Somehow a good feeling. Specially imaging Pekr dancing around. Yes yes yes yes :)) |
| Pekr 9-Jan-2006 [413x4] | :-) exactly :-) |
I did not expect mysel to be able to decode simple functionality of the scheme. But on saturday I tried to tell myself, that maybe I can at least give some pointers to more skilled rebollers, to not hear that I am actually doing nothing ... | |
I prepared Ethereal to just find out, that it will not report any packets on localhost ;-) | |
without your hint to protocol internals, plust the 2x checksum/secure being identical to mysql docs, nothing like that would be possible on my side .... | |
| older newer | first last |