
Permit UTF-8 names & passwords with CRAM-MD5 authentication

CRAM-MD5 (RFC 2195) permits 8-bit data but does not identify its encoding.
Since ASCII does not permit 8-bit data, this commit changes the encoding
to UTF-8.

There is an expired Internet-Draft that proposed that the RFC be changed
to explicitly require UTF-8 encoding of user names and shared secrets.
(But then there's also an expired draft proposing that CRAM-MD5 be retired
to historic status.)

Instead of CRAM-MD5, a better option for users is the SASL PLAIN mechanism
(within TLS) which explicitly permits UTF-8.
Joe Steele 2014-02-24 11:58:30 -05:00
parent 1d1b14da21
commit 6f49ebd975


@ -54,7 +54,7 @@ public class Authentication {
try { try {
byte[] nonce = Base64.decodeBase64(b64Nonce); byte[] nonce = Base64.decodeBase64(b64Nonce);
byte[] secretBytes = password.getBytes(US_ASCII); byte[] secretBytes = password.getBytes();
MessageDigest md = MessageDigest.getInstance("MD5"); MessageDigest md = MessageDigest.getInstance("MD5");
if (secretBytes.length > 64) { if (secretBytes.length > 64) {
secretBytes = md.digest(secretBytes); secretBytes = md.digest(secretBytes);
@ -74,7 +74,7 @@ public class Authentication {
byte[] result = md.digest(firstPass); byte[] result = md.digest(firstPass);
String plainCRAM = username + " " + new String(Hex.encodeHex(result)); String plainCRAM = username + " " + new String(Hex.encodeHex(result));
byte[] b64CRAM = Base64.encodeBase64(plainCRAM.getBytes(US_ASCII)); byte[] b64CRAM = Base64.encodeBase64(plainCRAM.getBytes());
return b64CRAM; return b64CRAM;
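Review bot: The no-argument `getBytes()` calls on the secret (hunk at -54) and on `plainCRAM` (hunk at -74) encode with the platform default charset rather than the UTF-8 the commit description promises; this reads the second copy of each doubled line as the new side, since the page has lost its +/- markers. The HMAC input therefore depends on the runtime's default, so a non-ASCII password or user name can yield a digest the server rejects wherever that default is not UTF-8. Name the charset at both sites, e.g. `byte[] secretBytes = password.getBytes("UTF-8");` and `Base64.encodeBase64(plainCRAM.getBytes("UTF-8"))`. The catch clauses of the enclosing `try` are outside the hunk, so confirm they cover the checked exception that overload throws.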