From 6f49ebd975a145734bc5705b34056228ce5a2161 Mon Sep 17 00:00:00 2001
From: Joe Steele
Date: Mon, 24 Feb 2014 11:58:30 -0500
Subject: [PATCH] Permit UTF-8 names & passwords with CRAM-MD5 authentication

CRAM-MD5 (RFC 2195) permits 8-bit data but does not identify its encoding. Since ASCII does not permit 8-bit data, this commit changes the encoding to UTF-8. There is an expired Internet-Draft that proposed that the RFC be changed to explicitly require UTF-8 encoding of user names and shared secrets. (But then there's also an expired draft proposing that CRAM-MD5 be retired to historic status.) Instead of CRAM-MD5, a better option for users is the SASL PLAIN mechanism (within TLS) which explicitly permits UTF-8.
---
 src/com/fsck/k9/mail/Authentication.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/com/fsck/k9/mail/Authentication.java b/src/com/fsck/k9/mail/Authentication.java
index 4b9ae90ae..a4a9b4fbf 100644
--- a/src/com/fsck/k9/mail/Authentication.java
+++ b/src/com/fsck/k9/mail/Authentication.java
@@ -54,7 +54,7 @@ public class Authentication {
 try {
 byte[] nonce = Base64.decodeBase64(b64Nonce);
- byte[] secretBytes = password.getBytes(US_ASCII);
+ byte[] secretBytes = password.getBytes();
 MessageDigest md = MessageDigest.getInstance("MD5");
 if (secretBytes.length > 64) {
 secretBytes = md.digest(secretBytes);
@@ -74,7 +74,7 @@ public class Authentication {
 byte[] result = md.digest(firstPass);
 String plainCRAM = username + " " + new String(Hex.encodeHex(result));
- byte[] b64CRAM = Base64.encodeBase64(plainCRAM.getBytes(US_ASCII));
+ byte[] b64CRAM = Base64.encodeBase64(plainCRAM.getBytes());
 return b64CRAM;
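Review bot: `password.getBytes()` in the first hunk and `plainCRAM.getBytes()` in the second encode with the runtime's default charset, not with UTF-8 as the commit message states, so the result is UTF-8 only where the platform default happens to be UTF-8. That holds on Android, but the HMAC key and the response bytes should not depend on an implicit default: if this class is ever run or unit-tested on a JVM with a different default, non-ASCII credentials produce a different digest and the login fails with no visible cause. Name the charset in both places, for example `password.getBytes(Charset.forName("UTF-8"))` and `plainCRAM.getBytes(Charset.forName("UTF-8"))`, ideally through one shared constant. The expired draft the message refers to may also call for normalizing the strings before encoding; confirm whether that matters for the servers targeted. The enclosing method starts and ends outside both hunks.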