Potential IDPrism problem

Nathan D. Bowen nbowen+yadis at andtonic.com
Thu Jun 30 13:14:53 PDT 2005

Taral wrote:

>It shouldn't need padding. You're XORing two 20-byte strings together
>and then encoding them.
Depending on the values of those two 20-byte strings, the XOR might 
result in a value that *could* be represented in fewer than 20 bytes. 
Whether or not it *is* represented with fewer than 20 bytes would be 
dependent on the implementation. So some implementations might need to 
pad the result of the XOR to get 20 bytes.

My perl's rusty, but from my understanding, Net::OpenID::Server is 
another example of a server that will send 19 bytes if it XORs two 
values that happen to begin with the same 8 bits.

However, it's not just a coincidence that the IDPrism server is where 
this problem showed up. That installation is using the DH secret as the 
MAC secret, so the proper value for enc_mac_key is 0.

I haven't seen any other consumer fail because it didn't receive 20 
bytes in the enc_mac_key, but I made the change because I assume that 
*every* consumer will be happy with 20 bytes.

I'm not sure the spec is clear on the correctness of sending fewer than 
20 bytes, but from a standpoint of robustness I'd say that server 
implementors would always want to send 20; consumer implementors would 
always want to accept fewer.

More information about the yadis mailing list