"+" bug in mac_key?
Wechsler
wechsler at phase.org
Tue Aug 2 14:29:55 PDT 2005
Long shot:
I've got a smart mode consumer, written in PHP, that seems to be working
in the main, but every so often the HMAC_SHA1 signature from the server
won't match the one I generate.
Every time this has happened, the raw openid mac_key I've received by
association has a plus (+) in it. This key is stored in a MySQL database
(could this corrupt in in any way?), and the ones that have failed are:
PF+MFObP6aGEMA1hul5Y7WY+4Jo=
VJjofcv5SHf/LYSo6lPdZtkD+PU=
X+WsOnVw+u+audJ4K5o/WRV90Ck=
The code uses GMP support for the HMAC and DH code, and uses PHP's
pack() function (which I've seen to be flaky in the past). If anyone
knows of any flaws with these, I'd love to hear about it. Equally, if
anyone wants to see the (still somewhat clunky) code, let me know.
Now, I appreciate that this is a bit of a weird bug, but I thought I'd
throw it into the mix and see if it meant anything to anyone.
TIA,
Wechsler
More information about the yadis
mailing list