PasswordMaker Forums

Other Editions => Other Editions - Bugs => Topic started by: MiquelFire on September 17, 2005, 01:29:28 AM

Title: HMAC bug
Post by: MiquelFire on September 17, 2005, 01:29:28 AM
Just downloaded the Konfabulator Widget today to give that a whirl for a desktop app. As a test, I used the online version (which I downloaded) and the Firefox extension 0.7.3 (the Firefox updater is being slow it seems...) to see if I can make a matching configuration. Thing is, it seems there's a bug with the url line and HMAC generation. Not sure on why this is, but the widget comes up with a different password than the other two. As of now, this puts me in a position where I can't switch (I need a desktop app that starts quick for my use).
Title: HMAC bug
Post by: Eric H. Jung on September 17, 2005, 01:41:04 AM
Hi MiquelFire,
Quote
(I need a desktop app that starts quick for my use)
Firstly, let me tell you that there will shortly be other desktop options besides the Konfabulator widget and downloaded HTML page.

Quote
Thing is, it seems there's a bug with the url line and HMAC generation. Not sure on why this is, but the widget comes up with a different password than the other two
Do you happen to be using HMAC-MD5? If not, can you tell me which HMAC you are using? Also you mentioned a bug in the URL line. What do you mean by that (besides not getting the right password)? What kind of bug?

Looking forward to your reply,
Eric
Title: HMAC bug
Post by: Guest on September 17, 2005, 02:19:27 AM
I tested with all (I plan on using the MD5 one) but it seems the HMAC part of all methods seems broken somehow. The only time I seem to get the correct password is if the url box is completely blank. I was able to look at the code and I didn't see anything right away that would be an issue.
Title: HMAC bug
Post by: Miquel 'Fire' Burns on September 17, 2005, 02:21:32 AM
Whoops, fastreply didn't have a name field. I just signed up for e-mail notification anyway.
Title: HMAC bug
Post by: Eric H. Jung on September 17, 2005, 03:56:05 AM
Ok, I will take a look this weekend and post back here. Thanks for the heads-up. If you plan on using MD5, I recommend the 0.6 version, which retains leading zeros. The other version may shortly be removed because it's not "true MD5".
Title: HMAC bug
Post by: Eric H. Jung on September 17, 2005, 06:55:42 PM
Hi, miquelfire,
I cannot reproduce this. Can you provide a screenshot? Here are screenshots I took showing all the HMACs. Click on one to see a larger image. Are you sure password length isn't zero?

(http://img89.imageshack.us/img89/3205/capture917200524518pm7ms.th.jpg) (http://img89.imageshack.us/my.php?image=capture917200524518pm7ms.jpg)
 
(http://img89.imageshack.us/img89/1629/capture917200524551pm6yd.th.jpg) (http://img89.imageshack.us/my.php?image=capture917200524551pm6yd.jpg)
 
(http://img89.imageshack.us/img89/1127/capture917200524603pm1ew.th.jpg) (http://img89.imageshack.us/my.php?image=capture917200524603pm1ew.jpg)
 
(http://img89.imageshack.us/img89/2548/capture917200524613pm3fe.th.jpg) (http://img89.imageshack.us/my.php?image=capture917200524613pm3fe.jpg)

Regards,
Eric
Title: HMAC bug
Post by: quixin on September 17, 2005, 08:24:40 PM
Eric, I see the same problem. See this screenshot. On all HMAC Hash Algs.

(http://img50.imageshack.us/img50/1518/bug0ka.th.jpg) (http://img50.imageshack.us/my.php?image=bug0ka.jpg)
Title: HMAC bug
Post by: Eric H. Jung on September 17, 2005, 08:46:34 PM
Oh, I thought he said he didn't get any values at all for HMAC... now I see he's saying he's getting values, but they aren't correct. Thanks for the clarification. I'm on it.
Title: HMAC bug
Post by: Eric H. Jung on September 18, 2005, 03:32:19 PM
Hi,
This has been fixed in PasswordMaker for Konfabulator version 1.1. You can download it here (http://passwordmaker.org/konfabulator.html).

Regards,
Eric
Title: HMAC bug
Post by: Miquel 'Fire' Burns on September 19, 2005, 01:14:42 AM
Thanks.