3.1.5.1 Deriving a Password

When a password is derived from the connection string, only certain characters from the English alphabet and digits are used. The string "BCDFGHJKLMNPQRSTVWXYZ23456789", which is referred to as the Allowed Characters string, is used to define the only usable characters for deriving a password. The derived password MUST be 6 characters in length.

The password that is used, both to encrypt the connection string and as the basis for generating a Peer Name, MUST be created by using the following algorithm:

  1. Copy the Unicode connection string, not including any terminating NULL character, into a byte buffer that is referred to as hash input. If the connection string is longer than 8,000 bytes, copy only the first 8,000 bytes into the buffer. The hash input size is always the buffer size of the Unicode connection string (or 8,000 bytes, whichever is smaller), plus 20 additional bytes that are used for the hash result in the following steps. For the initial hash input, the 20 bytes that are used in subsequent steps for the hash result MUST be set to zero.

  2. Use the SHA-1 hash algorithm, as specified in [FIPS180-2], to derive a value that is referred to as a hash result from the hash input.

  3. Concatenate the hash result to the original connection string and copy the result into the hash input.

  4. Repeat steps 2 and 3 99,999 times, for a total of 100,000 hash operations.

  5. For each of the first 6 bytes derived from the hash result that is obtained from the 100,000th iteration, convert the byte value into an index into the Allowed Characters string by using the following formula:

     Index = FLOOR((Derived Byte / 256.0) * Character Length of Allowed Characters)

    The FLOOR function returns the largest integer that is less than or equal to the resultant floating-point value of the previous expression. The values for Index, Derived Byte, and Character Length of Allowed Characters MUST be integers.

  6. For each of these calculated indexes, convert the index into a letter or number by indexing into the Allowed Characters string.

  7. The password is a concatenation of these 6 characters.
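
Steps 1 through 7 as a runnable sketch, added here as an illustration and not taken from the specification or any Microsoft implementation. It also tallies how the 256 possible byte values spread across the Allowed Characters string under the step 5 formula. Assumptions: "Unicode" is read as UTF-16LE, the `iterations` parameter exists only so the loop can be shortened for testing (the text fixes it at 100,000), and the sample connection string is constructed.

```python
import hashlib
from collections import Counter

ALLOWED = "BCDFGHJKLMNPQRSTVWXYZ23456789"  # Allowed Characters string from the text
MAX_INPUT = 8000                            # byte cap on the connection string (step 1)
PASSWORD_LEN = 6                            # derived password length


def byte_to_index(b: int) -> int:
    # Step 5: FLOOR((b / 256.0) * len(ALLOWED)), done in exact integer arithmetic.
    return (b * len(ALLOWED)) // 256


def derive_password(connection_string: str, iterations: int = 100_000) -> str:
    # Assumption: "Unicode" means UTF-16LE, the Windows wide-character encoding.
    data = connection_string.encode("utf-16-le")[:MAX_INPUT]
    digest = bytes(20)  # step 1: the 20-byte hash-result area starts as zeros
    for _ in range(iterations):
        # Steps 2-4: hash (connection string || previous hash result).
        digest = hashlib.sha1(data + digest).digest()
    # Steps 5-7: map the first 6 bytes of the final hash onto allowed characters.
    return "".join(ALLOWED[byte_to_index(b)] for b in digest[:PASSWORD_LEN])


def index_distribution() -> Counter:
    # Number of byte values (0..255) that map to each allowed character.
    return Counter(ALLOWED[byte_to_index(b)] for b in range(256))


if __name__ == "__main__":
    sample = "constructed-connection-string"  # constructed sample, not a real ticket
    print(derive_password(sample))
    print(sorted(index_distribution().items()))
```

Because 256 is not a multiple of 29, the mapping is slightly non-uniform: each character is selected by either 8 or 9 of the 256 byte values.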