[sync] MD5 authentication

Erik Gustavsson cyrano at area26.no-ip.org
Sun Jul 9 04:07:16 PDT 2006


Karsten Fourmont wrote:
> Hi,
>
> I still have difficulties getting MD5 authentication working. Does 
> anybody have experience with this?
>
> The SyncML Spec says this:
>
> "Example: The following is an example of a MD5 digest authentication 
> credential scheme consisting of the character string 
> bruce1:ohbehave:nonce. The MD5 Digest is also Base64 character 
> encoded. ...
> <Data>Zz6EivR3yeaaENcRN6lpAQ==</Data>
>
> However when I do
>
> print base64_encode(pack( 'H*' , md5("bruce1:ohbehave:nonce")))
>
> I end up with something different.
> Note: the "pack( 'H*' ,...)" part does (should?) produce a binary 
> representation of the md5 hex value, like md5(...,true) does in php5.
>
> Any ideas?
>
I'm not much of a PHP hacker, but I did a quick search through some 
SyncML PDFs and they seem to indicate to me that the algorithm is not 
md5_base64("user:pass:nonce"), but md5_base64(md5_base64("user:pass") . 
":nonce").

I haven't tried it, but here is the passage from 
"syncml_represent_v11_20020215.pdf" that I base this on:

----
The MD5 Digest scheme is identified by the URI syncml:auth-md5. Let MD5(data) denote the result of applying the MD5 hash algorithm to “data”, the result is a 128-bit binary quantity. Let A be the concatenation of an authentication identifier as the originator’s userid, followed by the COLON (i.e., “:”) separator character, followed by some secret known by the originator and recipient such as the originator's password for the corresponding userid, for instance:
A=”Bruce1:OhBehave”
Let AD be defined as:
AD = MD5(A)
Let B64(data) denote the result of the base64 encoding algorithm applied to “data”. This authentication scheme is the MD5 digest form of the concatenation of B64(AD), followed by the COLON (i.e. “:”) separator character, followed by the recipient specified nonce string.
---

And also this, from "OMA-TS-SyncML-DataSyncRep-V1_2-20060316-C.pdf":

---
Example: The following is an example of a MD5 digest authentication credential scheme where the user name is “Bruce2”, the password is “OhBehave”, and the nonce is “Nonce”. Let MD5(data) denote the result of applying the MD5 hash algorithm to “data”. In this example, the MD5 Digest is MD5(MD5(“Bruce2:OhBehave”)”:Nonce”). The MD5 Digest is also Base64 character encoded. The type and format of the credential, as well as the next nonce are specified by the meta-information in the Meta element type.
---

/Erik

