Andrew Ducker (andrewducker) wrote in lj_dev,
Andrew Ducker
andrewducker
lj_dev

MD5 hashes and case sensitivity

Just writing my own LJ client in C# and was bumping into a strange problem with the challenge/response method of logging in.

If I hashed the password and sent that as an hpassword it worked fine, but taking that hash, adding it to the challenge, hashing _that_ and sending it wasn't working.  Which was odd, because all of the sample code I was seeing did that without a problem.

And then I nicked some working code from ljArchive and compared my results with its results and discovered that LJ cares about the case of the hash when it's checking the auth_response.  It _must_ be in lower case - which was why my code was failing, as I was using the .Net method FormsAuthentication.HashPasswordForStoringInConfigFile(plainText, "MD5") - and that returns upper case text.

If someone could update http://www.livejournal.com/doc/server/ljp.csp.auth.challresp.html to mention that the hex digest has to be in lower case it will undoubtedly save someone else a few hours of hair-pulling...

Cheers!
Tags: client, client: sessions, code: c#
Subscribe

  • cl-journal livejournal client

    Hey everyone, I'd like to present a livejournal client that I wrote to fulfill my needs but maybe there are other people that can find it…

  • SessionGenerate and ljloggedin

    Are there any information after release 86 and changes in cookies scheme to use sessiongenerate? It returns ljsession key, but this key is not enough…

  • Retrieving comments

    Hi, Is there a way to retrieve a list of comments made by user XXX (which may or may be not the currently logged in user) in the journals of users…

  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    Help
  • 9 comments