2.2.2.4 Password

The Password message is sent twice when a Requestor is attempting to authenticate by way of a password. It is first sent in the initial packet following the Hello message. In this case, the password field is empty (Password Data Length is 0), and the message is used as an indication that the authentication will require a password, and the GMC MUST be generated. It is sent a second time after the Authenticator sends its GMC. In this case, the message contains the Password Data as proof of password knowledge.


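 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-------------------------------+-------------------------------+
|         Message Type          |     Password Data Length      |
+-------------------------------+-------------------------------+
|              ...              |   Password Data (variable)    |
+-------------------------------+-------------------------------+
|                              ...                              |
+---------------------------------------------------------------+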

Message Type (2 bytes): The type of message being sent, in big-endian byte order. For a Password message, the type MUST be 0x0005.

Password Data Length (4 bytes): An unsigned binary integer containing the length of the Password Data which follows, in big-endian byte order. If the Password Data field is absent, then the value of the field MUST be 0x0000.

Password Data (variable): The SHA-1 hash of the Password Hash String defined in section 2.2.1.2 (including NULL-terminator) concatenated with the Requestor's Peer Name Unicode string (including NULL-terminator) in that order. This field MUST NOT be present if the Password Data Length is 0.
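The following strict encoder and parser for the layout above is an added example, not part of the specification. The names, the MAX_PASSWORD_DATA cap and the sample proof bytes are assumptions made for illustration; the expected proof value is taken as an input computed elsewhere.

```python
import hmac
import struct

MSG_TYPE_PASSWORD = 0x0005     # Message Type value required by the field description
HEADER = struct.Struct(">HI")  # 2-byte type, 4-byte length, both big-endian
MAX_PASSWORD_DATA = 4096       # assumed local sanity cap, not from the specification


class MalformedPassword(ValueError):
    """Raised when a buffer does not hold a well-formed Password message."""


def build_password(password_data=b""):
    """Encode a Password message; empty data yields the initial 6-byte form."""
    return HEADER.pack(MSG_TYPE_PASSWORD, len(password_data)) + password_data


def parse_password(buf):
    """Return (password_data, remaining_bytes) for a message at the start of buf.

    password_data is b"" for the initial form (Password Data Length is 0).
    remaining_bytes holds whatever follows in the same packet.
    """
    if len(buf) < HEADER.size:
        raise MalformedPassword("truncated header")
    msg_type, length = HEADER.unpack_from(buf)
    if msg_type != MSG_TYPE_PASSWORD:
        raise MalformedPassword("unexpected message type 0x%04x" % msg_type)
    if length > MAX_PASSWORD_DATA:
        raise MalformedPassword("declared length exceeds local cap")
    # Never trust the declared length beyond the bytes actually received.
    if length > len(buf) - HEADER.size:
        raise MalformedPassword("declared length exceeds received bytes")
    end = HEADER.size + length
    return bytes(buf[HEADER.size:end]), bytes(buf[end:])


def proof_matches(received, expected):
    """Compare proofs in constant time; an empty proof never matches."""
    return bool(received) and hmac.compare_digest(received, expected)


if __name__ == "__main__":
    sample_proof = bytes(range(20))  # constructed placeholder, not a real hash
    print(build_password().hex())    # initial form
    print(parse_password(build_password(sample_proof) + b"\xaa"))
```

An Authenticator would call parse_password on the bytes that follow the previous message in the packet and treat any MalformedPassword as an authentication failure.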