Open DavidBittner opened 4 years ago
ibnesayeed
commented
4 years ago Unlike the basic auth, in digest auth we store hash of <username>:<realm>:<password> in the config file not the has of the password. We discussed last week's lecture while revisiting assignment 4 and Auth lecture slides.
$ echo -n "mln" | md5sum
ae33d20c70e59a4c734d9f2c19c0df56 -
$ echo -n "mln:Colonial Place:mln" | md5sum
53bbb5135e0f39c1eb54804a66a95f08 -
DavidBittner
commented
4 years ago Thanks! Good example of something I would've picked up in class. I'll make sure to be there next Thursday. Have a great weekend!
ibnesayeed
commented
4 years ago Since we are using this as a discussion board and not bug tracker, I would keep it open, but add a the Resolved label to it.
Hello,
There appears to be an issue in the
cs531a4: test_correct_realm_authorized. No matter what I changed, I could not seem to get the right hash. I decided to look at the source code of the tester itself that you have on your GitHub, and looking at line 21, a1 is generated using the string "mln:Colonial Place:mln".Assuming that last field there,
mlnis supposed to be the password, the password supplied in ourWeMustProtectThisHouse!file says the password is53bbb5135e0f39c1eb54804a66a95f08. If I changed my a1 to hardcode the string value that I found in the source of the HttpTester it works fine.Is this just a small mistake? Or am I misunderstanding how we grab the password?
Thanks a ton, David