Permit UTF-8 names & passwords with CRAM-MD5 authentication
CRAM-MD5 (RFC 2195) permits 8-bit data but does not identify its encoding. Since ASCII does not permit 8-bit data, this commit changes the encoding to UTF-8. There is an expired Internet-Draft that proposed that the RFC be changed to explicitly require UTF-8 encoding of user names and shared secrets. (But then there's also an expired draft proposing that CRAM-MD5 be retired to historic status.) Instead of CRAM-MD5, a better option for users is the SASL PLAIN mechanism (within TLS) which explicitly permits UTF-8.
parent
1d1b14da21
commit
6f49ebd975
@ -54,7 +54,7 @@ public class Authentication {
|
||||
try {
|
||||
byte[] nonce = Base64.decodeBase64(b64Nonce);
|
||||
|
||||
byte[] secretBytes = password.getBytes(US_ASCII);
|
||||
byte[] secretBytes = password.getBytes();
|
||||
MessageDigest md = MessageDigest.getInstance("MD5");
|
||||
if (secretBytes.length > 64) {
|
||||
secretBytes = md.digest(secretBytes);
|
||||
@ -74,7 +74,7 @@ public class Authentication {
|
||||
byte[] result = md.digest(firstPass);
|
||||
|
||||
String plainCRAM = username + " " + new String(Hex.encodeHex(result));
|
||||
byte[] b64CRAM = Base64.encodeBase64(plainCRAM.getBytes(US_ASCII));
|
||||
byte[] b64CRAM = Base64.encodeBase64(plainCRAM.getBytes());
|
||||
|
||||
return b64CRAM;
|
||||
|
||||
|
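Review bot: The two bare `getBytes()` calls, `password.getBytes()` in the first hunk and `plainCRAM.getBytes()` in the second, use the platform default charset rather than UTF-8, so the encoding the commit message promises holds only where that default happens to be UTF-8 (this assumes the `getBytes()` lines are the new side, as the description implies). Because the password bytes are the key of the keyed MD5 digest, a different default charset would silently yield a different response and a failed login for any non-ASCII secret or user name. Name the charset explicitly in both places, e.g. `byte[] secretBytes = password.getBytes("UTF-8");` and `Base64.encodeBase64(plainCRAM.getBytes("UTF-8"))`, or add a UTF-8 counterpart to the existing `US_ASCII` constant. The enclosing method starts and ends outside both hunks, so whether its `try` already covers the checked exception from a named charset is not visible here.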