Ticket ID: SIXXS #797864 Ticket Status: Wishlist PoP: (not applicable)
error in TIC documentation
![]()
I have read and followed the "Reporting Problems" section on the Contact page and am providing the following details for this report based on the list of items stated there:
Hi, in https://www.sixxs.net/tools/tic/
1 The Authentication reads:
to authenticate the following comparison is used: md5sum(md5sum(clearpass).challenge) == md5sum(storedpass.challenge A client sends the first part (...)
it would be more precise if it read
to authenticate the following comparison is used: md5sum(challenge.md5sum(clearpass)) == md5sum(challenge.storedpass) A client sends the first part (...)
Rationale: the AICCU implementation of this operation is:
//challenge in &buf[4]
MD5String(password, sSignature, sizeof(sSignature)); //md5sum(clearpass)
snprintf(sChallenge, sizeof(sChallenge), "%s%s", &buf[4], sSignature); //challenge.md5sum(clearpass)
MD5String(sChallenge, sSignature, sizeof(sSignature)); //md5sum(challenge.md5sum(clearpass))
md5sum(clearpass).challenge
State change: wishlist
![]() ![]()
The state of this ticket has been changed to wishlist
error in TIC documentation
TIC documentation is out of date and does not match reality, that is also why it is not in any form of IETF draft.
There are no other client or server implementations, nor have their been any requests for this.
error in TIC documentation
![]()
Well... I'm using my own TIC + heartbeat client implementation ;-)
It is not so complete as the full AICCU suite, but it is enough for me.
error in TIC documentation
Any reason why you need your own implementation? Is there anything wrong with AICCU?
error in TIC documentation
![]()
No reasons at all (and nothing wrong with AICCU)... I just wanted to try it by myself.
|