World: r3wp
[MySQL]
| older newer | first last |
| Pekr 9-Jan-2006 [351x2] | I just felt ppl feel frustrated about not being able to connect ... |
can I sum for you? | |
| Dockimbel 9-Jan-2006 [353x2] | I'll try to reuse your code for scrambling, it will save me time looking in the sources of MySQL server. |
Yes, please :-). | |
| Pekr 9-Jan-2006 [355] | OK, so first - handshake is not complete parsing full headers ... |
| Dockimbel 9-Jan-2006 [356] | I'm currently adding code to process the remaing headers. I'm retrieving the second part of the seed. |
| Pekr 9-Jan-2006 [357] | I added read-byte (charset), read-int (server-status), 13 skip (not-used), read-string (the rest of seed) |
| Dockimbel 9-Jan-2006 [358] | We agree ;) |
| Pekr 9-Jan-2006 [359] | so I extended also locals-class by those variables ... |
| Dockimbel 9-Jan-2006 [360x2] | ok |
I'll do the same | |
| Pekr 9-Jan-2006 [362x11] | next things, which can/or does not need to be solved is read-packet port following send-packed after handshake - IF the server is new one, but it does not use new passwords, it will reply with Oxfe |
but - maybe we don't need to care to do it so automatically..... | |
ppl will be happy to connect to new versions .... | |
we also found out, that new shceme uses sha1 .... which is ok with checksum/secure ... | |
however: if you look into scramble(), they use sha1_reset, input, result function calls, which is imo equivalent of rebol using ports - opening, inserting, copying the result ... all this is also equivalent to checksum/secure "my-string" .... but, in one place, they call sha1_input two times, and I dunno what it does mean ... | |
scheme used between client, server:
The new authentication is performed in following manner:
SERVER: public_seed=create_random_string()
send(public_seed)
CLIENT: recv(public_seed)
hash_stage1=sha1("password")
hash_stage2=sha1(hash_stage1)
reply=xor(hash_stage1, sha1(public_seed,hash_stage2)
// this three steps are done in scramble()
send(reply)
SERVER: recv(reply)
hash_stage1=xor(reply, sha1(public_seed,hash_stage2))
candidate_hash2=sha1(hash_stage1)
check(candidate_hash2==hash_stage2)
// this three steps are done in check_scramble()
| |
http://www.redferni.uklinux.net/mysql/MySQL-Protocol.html | |
http://dev.mysql.com/doc/refman/5.0/en/password-hashing.html | |
Now - sorry if I am breaking some licenses, but I will post some stuff to my website, and remove it once we are finished: http://www.rebol.cz/mysql/mysql-protocol.r http://www.rebol.cz/mysql/password.c | |
above some usefull links collected ... | |
btw- where do crypt-v10, hash-v10 and 9 come from? | |
| Dockimbel 9-Jan-2006 [373] | MySQL client sources |
| Pekr 9-Jan-2006 [374x2] | Did you implement your scrambler according some earlier mysql sources? |
I wonder if they will be needed ... | |
| Dockimbel 9-Jan-2006 [376x2] | from 3.x versions |
I'll keep them for ppl still using 3.x server versions | |
| Pekr 9-Jan-2006 [378x2] | rebol now has checksum/secure .... |
ok .... | |
| Dockimbel 9-Jan-2006 [380] | Is 'sha1 encoding available in free REBOL cores ? |
| Pekr 9-Jan-2006 [381x7] | the strange things is, there is long-password flag, but server somehow does not report it during negotiation ... |
yes, in cores - try help checksum ... wait a bit ... | |
>> help checksum
USAGE:
CHECKSUM data /tcp /secure /hash size /method word /key key-value
DESCRIPTION:
Returns a CRC or other type of checksum.
CHECKSUM is a native value.
ARGUMENTS:
data -- Data to checksum (Type: any-string)
REFINEMENTS:
/tcp -- Returns an Internet TCP 16-bit checksum.
/secure -- Returns a cryptographically secure checksum.
/hash -- Returns a hash value
size -- Size of the hash table (Type: integer)
/method -- Method to use
word -- Method: SHA1 MD5 (Type: word)
/key -- Returns keyed HMAC value
key-value -- Key to use (Type: any-string)
| |
so basically checksum/secure checksum/secure "mypass" gives exactly the same result as in mysql doc page posted above..... | |
however, the trouble imo comes from sha1(public-seed, hash_stage2) ... it calls two times sha1_input, without reading out the result first ... I am afraid that maybe we will have to reimplement all hashing functions in rebol now? | |
btw - I put following code into handshake: read-string (pl/long-seed: join sys-copy pl/crypt-seed string) to end simply to not affect old functionality ... | |
well, and that's all I was capable of so far :-) | |
| Dockimbel 9-Jan-2006 [388] | Ok, thanks for all the info. I'm working on it... |
| Pekr 9-Jan-2006 [389] | cool! ppl will surely appreciate it - rebol without free mySQL scheme is kind of show stopper for some of them :-) |
| Volker 9-Jan-2006 [390] | sha_input: http://www.distlab.dk/mysql-4.1/html/mysys_2sha1_8c-source.html#l00179 Seems the two inputs are like a join. Usefull this way if one hashes files withput loading everything in memory. |
| Pekr 9-Jan-2006 [391] | join? |
| Volker 9-Jan-2006 [392x2] | Accepts an array of octets as the next portion of the message. |
if you do two such inputs, it should be like checksum/secure join part1 part2 | |
| Pekr 9-Jan-2006 [394x3] | scramble-long: func [pass port][
hash-stage1: checksum/secure pass
hash-stage2: checksum/secure hash-stage1
to-string xor hash-stage1 (checksum/secure port/locals/long-seed
hash-stage2) ;.--- what to do here?
]
|
aha ... | |
bad handshake :-) | |
| Volker 9-Jan-2006 [397x2] | grrr :) |
Is the above your code? (checksum/secure port/locals/long-seed hash-stage2) -> ( (checksum/secure port/locals/long-seed) (hash-stage2) ) did you forget a join or something? | |
| Pekr 9-Jan-2006 [399] | huh, connected? :-) |
| Volker 9-Jan-2006 [400] | really? :) |
| older newer | first last |