
I'm trying to implement the authentication system explained in this article, Hmac User Authentication.

I don't understand the following part:

Server sends back: let MESSAGE = (USERNAME,REALM,SALT,SESSIONID,ENCRYPTED_SESSION_KEY) in auth:(MESSAGE,HMAC(SHA1,PASSHASH,MESSAGE)).

I don't know how to generate the SESSIONID and the ENCRYPTED_SESSION_KEY. And what is the "auth"?

Balmat

1 Answer


As there was no answer to my question, I give the solution I am using.

In my case, I replaced SESSION_ID by a timestamp. I generated the ENCRYPTED_SESSION_KEY with HMAC(SHA1, PASSHASH, SESSION_ID). And finally "auth" is a JSON response.

Hope it helps someone hitting this page.

Balmat
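The server response and the client-side check described in the answer above, as an added example that is not part of the original post or the article. The JSON field names, the canonical serialization and the function names are assumptions, and SESSIONID is assumed to be a random token instead of a timestamp so that it is unpredictable and unique per login.

```python
import hashlib
import hmac
import json
import secrets


def _canonical(message):
    # Both sides must MAC identical bytes, so serialize deterministically.
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode()


def build_auth(username, realm, salt, passhash):
    """Server side: build the JSON 'auth' response for one login."""
    # Assumption: random 128-bit SESSIONID (the answer uses a timestamp).
    session_id = secrets.token_hex(16)
    # Construction taken from the answer: HMAC(SHA1, PASSHASH, SESSION_ID).
    session_key = hmac.new(passhash, session_id.encode(), hashlib.sha1).hexdigest()
    message = {
        "username": username,
        "realm": realm,
        "salt": salt,
        "sessionid": session_id,
        "encrypted_session_key": session_key,
    }
    # auth:(MESSAGE, HMAC(SHA1, PASSHASH, MESSAGE)) from the quoted step.
    tag = hmac.new(passhash, _canonical(message), hashlib.sha1).hexdigest()
    return json.dumps({"auth": {"message": message, "hmac": tag}})


def verify_auth(response, passhash):
    """Client side: return MESSAGE if the tag verifies, otherwise None."""
    try:
        auth = json.loads(response)["auth"]
        message, tag = auth["message"], auth["hmac"]
    except (ValueError, KeyError, TypeError):
        return None  # malformed or incomplete response
    if not isinstance(message, dict) or not isinstance(tag, str):
        return None
    expected = hmac.new(passhash, _canonical(message), hashlib.sha1).hexdigest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if hmac.compare_digest(expected.encode(), tag.encode()):
        return message
    return None
```

A client holding the same PASSHASH accepts the response only if every field of MESSAGE is unmodified; a changed field or a wrong PASSHASH makes `verify_auth` return `None`.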