"+" bug in mac_key?

Wechsler wechsler at phase.org
Tue Aug 2 14:29:55 PDT 2005


Long shot:

I've got a smart mode consumer, written in PHP, that seems to be working 
in the main, but every so often the HMAC_SHA1 signature from the server 
won't match the one I generate.

Every time this has happened, the raw openid mac_key I've received by 
association has a plus (+) in it. This key is stored in a MySQL database 
(could this corrupt in in any way?), and the ones that have failed are:

PF+MFObP6aGEMA1hul5Y7WY+4Jo=
VJjofcv5SHf/LYSo6lPdZtkD+PU=
X+WsOnVw+u+audJ4K5o/WRV90Ck=

The code uses GMP support for the HMAC and DH code, and uses PHP's 
pack() function (which I've seen to be flaky in the past). If anyone 
knows of any flaws with these, I'd love to hear about it. Equally, if 
anyone wants to see the (still somewhat clunky) code, let me know.

Now, I appreciate that this is a bit of a weird bug, but I thought I'd 
throw it into the mix and see if it meant anything to anyone.

TIA,
	Wechsler


More information about the yadis mailing list