Author Topic: HMAC bug  (Read 21142 times)

MiquelFire

  • Guest
HMAC bug
« on: September 17, 2005, 01:29:28 AM »
Just downloaded the Konfabulator Widget today to get that a whirl for a desktop app. As a test, I used the online version (which I downloaded) and the Firefox extension 0.7.3 (the Firefox updater is being slow it seems...) to see if I can make a matching configuration. Thing is, it seems there's a bug with the url line and HMAC generation. Not sure on why this is, but the widget comes up with a different password than the other two. As of now, this puts me in a position where I can't switch (I need a desktop app that starts quick for my use)
« Last Edit: February 02, 2006, 06:53:38 PM by Eric H. Jung »

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HMAC bug
« Reply #1 on: September 17, 2005, 01:41:04 AM »
Hi MiquelFire,
Quote
(I need a desktop app that starts quick for my use)
Firstly, let me tell you that there will shortly be other desktop options beside the Konfabulator widget and downloaded HTML page.

Quote
Thing is, it seems there's a bug with the url line and HMAC generation. Not sure on why this is, but the widget comes up with a different password than the other two
Do you happen to be using HMAC-MD5? If not, can you tell me which HMAC you are using? Also you mentioned a bug in the URL line. What do you mean by that (besides not getting the right password)? What kind of bug?

Looking forward to your reply,
Eric

Guest

  • Guest
HMAC bug
« Reply #2 on: September 17, 2005, 02:19:27 AM »
I tested with all (I plan on using the MD5 one) but it seems the HMAC part of all methods seems broken somehow. The only time I seem to get the correct password is if the url box is completely blank. I was able to look at the code and I didn't see anything right away that would be an issue.

Online Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
HMAC bug
« Reply #3 on: September 17, 2005, 02:21:32 AM »
Whoops, fastreply didn't have a name field. I just signed up for e-mail notification anyway
"I'm not drunk, just sleep deprived."

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HMAC bug
« Reply #4 on: September 17, 2005, 03:56:05 AM »
Ok, I will take a look this weekend and post back here. Thanks for the heads-up. If you plan on using MD5, I recommend the 0.6 version, which retains leading zeros. The other version may shortly be removed because it's not "true MD5".

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HMAC bug
« Reply #5 on: September 17, 2005, 06:55:42 PM »
Hi, miquelfire,
I cannot reproduce this. Can you provide a screenshot? Here's are screenshots I took showing all the HMACs. Click on one to see a larger image. Are you sure password length isn't zero?


 

 

 


Regards,
Eric

Offline quixin

  • Hero Member
  • *****
  • Posts: 538
HMAC bug
« Reply #6 on: September 17, 2005, 08:24:40 PM »
Eric,  I see the same problem.  See this screenshot.  On all HMAC Hash Algs.




Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HMAC bug
« Reply #7 on: September 17, 2005, 08:46:34 PM »
Oh, I thought he said he didn't get any values at all for HMAC... now I see he's saying he's getting values, but they aren't correct. Thanks for the clarification. I'm on it.

Offline Eric H. Jung

  • grimholtz
  • Administrator
  • *****
  • Posts: 3353
HMAC bug
« Reply #8 on: September 18, 2005, 03:32:19 PM »
Hi,
This has been fixed in PasswordMaker for Konfabulator version 1.1. You can download it here.

Regards,
Eric

Online Miquel 'Fire' Burns

  • Administrator
  • *****
  • Posts: 1157
  • Programmer
HMAC bug
« Reply #9 on: September 19, 2005, 01:14:42 AM »
Thanks.
"I'm not drunk, just sleep deprived."

PasswordMaker Forums

HMAC bug
« Reply #9 on: September 19, 2005, 01:14:42 AM »