LoginPasswordHash
When logging into AIM, the user's password is never actually sent to the server. Without any sort of protection (such as SSL), doing so would be unsafe, as it would allow someone to easily discover a user's password.

Old password hashing

Before AIM 5.2, the password was encrypted by taking an Md5Hash of the authentication key provided by the server, the password (encoded as US-ASCII), and the string "AOL Instant Messenger (SM)", also as US-ASCII, fed to the hash in that order. This sixteen-byte MD5 hashblock was then sent as the encrypted password block. To encode this way in Java, you could use code like the following:

{{{#!code java
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// we assume these are defined elsewhere
String pass; // the user's password
byte[] key;  // the authentication key data provided by the server

byte[] passBytes;
byte[] aimsmBytes;
try {
    passBytes = pass.getBytes("US-ASCII");
    aimsmBytes = "AOL Instant Messenger (SM)".getBytes("US-ASCII");
} catch (UnsupportedEncodingException impossible) {
    // every VM is required to support US-ASCII
    throw new AssertionError(impossible);
}

MessageDigest md5;
try {
    md5 = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException impossible) {
    // the default provider always supports MD5
    throw new AssertionError(impossible);
}

// hash the key, then the password, then the constant string
md5.update(key);
md5.update(passBytes);
md5.update(aimsmBytes);

// the sixteen-byte block sent as the encrypted password
byte[] encryptedPass = md5.digest();
}}}
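That way didn't work for me, so I researched and found out that you have to prehash the password:

{{{#!code java
byte[] passBytes;
byte[] aimsmBytes;
try {
    passBytes = pass.getBytes("US-ASCII");
    aimsmBytes = "AOL Instant Messenger (SM)".getBytes("US-ASCII");
} catch (UnsupportedEncodingException impossible) {
    throw new AssertionError(impossible);
}

MessageDigest md5;
MessageDigest md52; // second MD5 instance, used only to prehash the password
try {
    md5 = MessageDigest.getInstance("MD5");
    md52 = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException impossible) {
    throw new AssertionError(impossible);
}

md52.update(passBytes);     // MD5 of the password alone
md5.update(key);
md5.update(md52.digest());  // the prehashed password takes the password's place
md5.update(aimsmBytes);

byte[] encryptedPass = md5.digest();
}}}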
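The two forms above side by side, as an added example that is not part of the original page or of the comment. The class and method names are hypothetical, the password and key are constructed sample values, and the server-side comparison is an assumption about how a verifier would check the block.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

public class AimLoginHashDemo {
    static final byte[] AIM_SM =
            "AOL Instant Messenger (SM)".getBytes(StandardCharsets.US_ASCII);

    // MD5 over the concatenation of all parts, in order.
    static byte[] md5(byte[]... parts) {
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            for (byte[] p : parts) md.update(p);
            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new AssertionError(e); // MD5 is required on every Java platform
        }
    }

    // Old form from the page: MD5(key + password + constant).
    static byte[] oldResponse(byte[] key, String pass) {
        return md5(key, pass.getBytes(StandardCharsets.US_ASCII), AIM_SM);
    }

    // Prehashed form from the comment: MD5(key + MD5(password) + constant).
    static byte[] prehashedResponse(byte[] key, byte[] passMd5) {
        return md5(key, passMd5, AIM_SM);
    }

    public static void main(String[] args) {
        // Constructed sample values, not captured from a real session.
        String pass = "example-password";
        byte[] key = new byte[10]; // stand-in for the server-provided key
        new SecureRandom().nextBytes(key);

        // Client side: build the block in both forms.
        byte[] passMd5 = md5(pass.getBytes(StandardCharsets.US_ASCII));
        byte[] sentOld = oldResponse(key, pass);
        byte[] sentNew = prehashedResponse(key, passMd5);

        // Verifier side (assumed): recompute from a stored MD5(password)
        // and compare without leaking timing information.
        byte[] expected = prehashedResponse(key, passMd5);
        System.out.println("prehashed accepted: " + MessageDigest.isEqual(expected, sentNew));
        System.out.println("old form accepted:  " + MessageDigest.isEqual(expected, sentOld));
        System.out.println("block length:       " + sentNew.length + " bytes");
    }
}
```

A verifier that expects one form rejects a block built the other way, even when the password is right. In the prehashed form the verifier can recompute the block from MD5(password) alone, without the plaintext password.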