Solution of DIGEST-MD5 problem with Smack
Solution : DIGEST-MD5 problem with Smack
You Can't connect to XMPP server in Smack ???!!
The connection is made, the user is logged in. When I use 3.1.0b the third line couse an error:. "SASL authentication failed using mechanism DIGEST-MD5:".
There are some errors :
SASL authentication failed using mechanism DIGEST-MD5SASL authentication failed using mechanism PLAIN:at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:325)at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:395)at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:349)
an other error:java.lang.NullPointerExceptionat org.jivesoftware.smack.util.Base64.encodeBytes(Base64.java:636)at org.jivesoftware.smack.sasl.SASLMechanism.challengeReceived(SASLMechanism.java:152)at org.jivesoftware.smack.SASLAuthentication.challengeReceived(SASLAuthentication.java:492)at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:338)at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:44)at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:76)
an other Error:not-allowed(405) Connection must be encrypted.
at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication .java:78)at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:352)at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:395)
at ClientTestProxy.main(ClientTestProxy.java:36)
This is the solution:
Here you find the solution of DIGEST-MD5 with Smack 3.1.0 .
Applied updated smack patches from Eric Sessomsto fix digest md5 issues with XMPP thanks\!
./lib/smack.jar
./lib/smackx.jar
more information about MD5:
In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. As an Internetstandard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity offiles. However, it has been shown that MD5 is not collision resistant[1]; as such, MD5 is not suitable for applications like SSL certificates ordigital signatures that rely on this property. An MD5 hash is typically expressed as a 32 digit hexadecimal number.
MD5 was designed by Ron Rivest in 1991 to replace an earlier hash function, MD4. In 1996, a flaw was found with the design of MD5. While it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found vulnerable). In 2004, more serious flaws were discovered, making further use of the algorithm for security purposes questionable.[2][3] In 2007 a group of researchers including Arjen Lenstra described how to create a pair of files that share the same MD5 checksum.[4] In an attack on MD5 published in December 2008, a group of researchers used this technique to fake SSL certificate validity.[5][6] US-CERT of the the U. S.Department of Homeland Security said MD5 "should be considered cryptographically broken and unsuitable for further use,"[7] and most U.S. government applications will be required to move to the SHA-2 family of hash functions by 2010.[8]
Comments
Hi,
I am having the same issue with the Smack API and Openfire and would love to get the patches. However. the links are all dead. Can you re-upload the patches again? Thanks.
i'm sorry for being late
here you can download the files
Hi, the urls above can't be access now, can you send these jar file to me? My Email is henochim@gmail.com.
Thank you very much.
Hi, the urls above can't be access now, can you send these jar file to me? My Email is henochim@gmail.com.
Thank you very much.
The links were fixed , enjoy
can you send these files to me?
leman.zk@gmail.com
thank you very much
John 2 years ago
I am having the same issue while trying to send a SHA-256 hashed string to the OpenFire server. I tried to download the patches but the links are no longer valid. Can you re-upload the patches? Thanks