Subj : FTS-1027 Section 1.7 CRAM-MD5 Frame Exchange Example
To   : All
From : Jason Brady
Date : Tue Apr 23 2024 04:11 pm

Hello All,

Question regarding FTS-1027 section 1.7 "Example of Frame Exchange During CRAM Authentication"

In the example, the Originating side returns

  M_PWD "CRAM-MD5-56be002162a4a15ba7a9064f0c93fd00"

This hex value appears to be incorrect. I tested with two implementations of the CRAM-MD5 algorithm, and in both cases, the same hex value was calculated using the password and challenge hex string from the example, which differed from the value shown in the document.

Password:   tanstaaftanstaaf
Challenge:  f0315b074d728d483d6887d0182fc328
Expected:   56be002162a4a15ba7a9064f0c93fd00  <- From section 1.7 example
Result:     1503922bb6a38bc934bca7afeb522d28  <- From both MD5 algorithms

Which is correct - the value shown in section 1.7 or the test result value?

Thank you,
Jason Brady

--- PCF2OBM 1.3  OpenVMS AXP 8.4-2L1
 * Origin: Shady Labs (1:218/910)

.