[Phpgroupware-developers] MD5 authentification

[Guillaume Courtois]

Hi all,




This is for everybody's general knowledge, and especially for Chris who was
apparently interested in this subject.




After searching on this MD5 encoding problem, I have found that the syncml 
protocol
has changed from version 1.0.1 to 1.1 : in 1.0.1 the syncml client was coding it
this way :




base64(md5(username:passwd:nonce))




People who write the syncml protocol apparently have seen that it was a problem 
for
products who were not storing the logging informations this way, and have 
changed it
to :




base64(md5(base64(md5(username:password)):nonce))




You can check this in




http://www.syncml.org/docs/changes_for_syncml_represent_v11_20020215.pdf




pages 16 and 17.




Well, unless I have misunderstood something, this still causes a problem for us
since phpGW stores only md5(password). So I requested for help in the SyncML ML,
explaining our problem, but the only one who responded to me was for saying 
that I
was not understanding how it was working, that I should try to search on my 
own, and
stop bothering other people on such evident subjects ...




Well, does someone here understand it better than I (english is sometimes hard 
to
understand for me !), and confirm my understanding of the problem, or have I 
missed
something ?




Anyway, until we can correct this, I will only use plain text passwords ...




Regards.