curl-library

Re: NTLM Authentication

From: <eglass1_at_attbi.com>
Date: Tue, 24 Jun 2003 15:05:37 +0000

> > You would use the same flags in the type 3 message; in fact, you could
> > probably get away with using the Win9x-style type 3 message (which leaves
> > off the session key and flags altogether).
>
> The weird thing here is that I tried sending the username "unicodified" in the
> type-3 (even though I set it to OEM in the type-1) and it still worked. Then I
> made it an OEM one and that works too...
>

Hmm. That is interesting -- I was in a discussion recently about whether the
Type 3 flags really had any meaning at all (since as far as we can tell, all
relevant negotiation takes place in the Type 1 and 2 messages, and older clients
don't send the Type 3 flags anyway). This would seem to be a notch in the
"doesn't matter" column. I'll take this back as a point for investigation.

>
> Want some feedback on your document?

Yes, very much so -- it is a work in progress, and I am actively seeking
input.

> * The hash algorithms are tricky to follow as they're written in plain
> English. The kind of pseudo-code available in the innovation page is a lot
> easier (at least to my thick head). In fact, you could even include working
> C code (using OpenSSL or similar).
>

I will put something together for the next update (probably in a few days).
Thanks again!

Eric

Received on 2003-06-24