[imp] quickly going blind here ... more on cram-md5 ...

Marc G. Fournier scrappy@hub.org
Fri, 15 Feb 2002 20:57:05 -0400 (AST)


On Fri, 15 Feb 2002, Chuck Hagenbuch wrote:

> Quoting "Marc G. Fournier" <scrappy@hub.org>:
>
> > So, it's hitting imp/redirect.php, doing an authenticate, and finds that
> > that works ... then it's hitting /login.php, does it again, through the
> > same function, and from what I can tell, the exact same values, which then
> > fails ...
>
> Are you _sure_ the passwords match? Are you logging the encrypted (stored in
> session) or decrypted passwords?

Okay, I *thought* they matched right now, but I just added a bit more
debugging to confirm ...

first pass through /imp/redirect.php:

/usr/local/www/horde/imp/lib/IMP.php: 280 /imp/redirect.php
/usr/local/www/horde/imp/lib/IMP.php: 281 IMP:authenticate -> flags=64
/usr/local/www/horde/imp/lib/IMP.php: 333: $imp['pass'] == g14AAA==#2arHVOOuWvX1
/usr/local/www/horde/imp/lib/IMP.php: 334: Secret::read(Secret::getKey('imp'), $imp['pass'])) == hordetest

Second pass, through login.php:

/usr/local/www/horde/imp/lib/IMP.php: 280 /login.php
/usr/local/www/horde/imp/lib/IMP.php: 281 IMP:authenticate -> flags=64
/usr/local/www/horde/imp/lib/IMP.php: 333: $imp['pass'] == g14AAA==#2arHVOOuWvX1
/usr/local/www/horde/imp/lib/IMP.php: 334: Secret::read(Secret::getKey('imp'), $imp['pass'])) == ÿ^DÈÀÒ M-^RM- y

The values of $imp['pass'] are identical, but the 'Secret::read..' value
is different ... so the second time through it's not decoding properly?

Going one step further, I just added some debugging for the 'getKey' part:

First pass:

Secret::getKey('imp') == 73e2d2e834174eaea863b5ea25a7a261

Second pass:

Secret::getKey('imp') == d5c5f8b72441343dafd9ea89228e9aa9

Thoughts?
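
The symptom in the two traces above (identical stored $imp['pass'], a different getKey() value, garbage plaintext on the second pass), reproduced as an added example that is not part of the original message and is not Horde's code. It assumes a stand-in SHA-256 keystream cipher in place of whatever Secret::read uses; seal, open_unchecked, open_checked and KeyMismatch are hypothetical names, and the HMAC tag shows how a changed key can be detected instead of being passed on as a password.

```python
import hashlib
import hmac

# Values taken from the debug output in the message above.
FIRST_PASS_KEY = b"73e2d2e834174eaea863b5ea25a7a261"
SECOND_PASS_KEY = b"d5c5f8b72441343dafd9ea89228e9aa9"
PASSWORD = b"hordetest"


class KeyMismatch(Exception):
    """Raised when the blob was sealed under a different key."""


def _subkey(label: bytes, key: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the one session key.
    return hashlib.sha256(label + key).digest()


def _xor_stream(data: bytes, key: bytes) -> bytes:
    # Stand-in cipher (SHA-256 counter keystream), an assumption for this demo.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC-SHA256 tag over the ciphertext."""
    ct = _xor_stream(plaintext, _subkey(b"enc", key))
    return ct + hmac.new(_subkey(b"mac", key), ct, hashlib.sha256).digest()


def open_unchecked(key: bytes, blob: bytes) -> bytes:
    """Decrypt without verifying: a wrong key silently yields garbage."""
    return _xor_stream(blob[:-32], _subkey(b"enc", key))


def open_checked(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, so a changed key fails loudly."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(b"mac", key), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise KeyMismatch("stored secret was sealed under a different key")
    return _xor_stream(ct, _subkey(b"enc", key))
```

With the unchecked path the second-pass key returns bytes that look like the garbage on line 334 of the second trace; the checked path raises before any bogus password reaches the IMAP login.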