[mono-vb] Need a second opinion
Quandary
quandary82 at hailmail.net
Fri Jul 30 19:23:23 EDT 2010
I'd like to have a second opinon on encoding problem:
Basically it's C# and not VB, but since it concerns the mono-runtime,
it's just as relevant here.
I've downloaded and tried to run
http://www.lumisoft.ee/lswww/Download/Downloads/MailServer/
on my Ubuntu 10.04 server.
The author claims he has tested it on Suse Linux with the 0.94 release,
and that it worked.
However, I had to correct all the bugs listed here to get the latest
version working:
http://www.lumisoft.ee/Forum/default.aspx?g=posts&t=673
<http://www.lumisoft.ee/Forum/default.aspx?g=posts&t=673>
I was debugging (without step-through...) this issue all friday evening,
until I found the reason.
It turned out the "bug" was the way the Mailserver's developer converted
the HmacMd5 to a hex string...
Now in my opinion, his line:
return
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
is plain wrong, because this causes the byte array to be converted into
a different encoding on each operating system (1252 on my windows 7,
UTF-8 on Ubuntu), and the mailserver's programmer then calculates the
hex string from the string hash with the operating-system specific encoding.
Now since it works with the encoding change on Windows (but not on
Linux), I'm not sure anymore whether I am right, or whether the server's
programmer is right, which would mean that the encoding-bug is a bug in
mono.
I've isolated the code in question below, just switch bCorrectedVersion
between true and false, and watch how the hash is different on Windows
vs. Linux when one switches bCorrectedVersion to false...
BTW, this is the hash used to authenticate pop3/smtp, so it definitely
is not good when it's different...
(That was the issue that kept all my get/send mail request to and from
the server failing, because authentication failed...)
Who is right ?
Below is the code in question to reproduce the issue:
private void button1_Click(object sender, EventArgs e)
{
string m_Key = "TestKey1";
string result_Password = "TestUser1";
string hash = "";
bool bCorrectedVersion = true;
if(bCorrectedVersion)
hash = HmacMd5_corrected(m_Key, result_Password);
else
hash = Net_Utils_ToHex(HmacMd5(m_Key, result_Password));
this.textBox2.Text = "Hash: " + hash;
}
public static string Net_Utils_ToHex(string text)
{
if (text == null)
{
throw new ArgumentNullException("text");
}
// Default encoding: Windows 1252, Linux UTF-8
return
BitConverter.ToString(Encoding.Default.GetBytes(text)).ToLower().Replace("-","");
}
// corrected version of original
private string HmacMd5_corrected(string hashKey, string text)
{
System.Security.Cryptography.HMACMD5 kMd5 = new
System.Security.Cryptography.HMACMD5(Encoding.Default.GetBytes(text));
string strHash = "";
foreach (byte x in
kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)))
{
strHash += x.ToString("x2");
}
return strHash;
//return
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
}
// original
private string HmacMd5(string hashKey, string text)
{
System.Security.Cryptography.HMACMD5 kMd5 = new
System.Security.Cryptography.HMACMD5(Encoding.Default.GetBytes(text));
return
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
}
More information about the Mono-vb
mailing list