    COMMENT: Monitor Version 2.2
    REQUIRE: IDENT
    WAITING:

A possible response is

    IDENT franco_1

The Monitor then sends

    REQUIRE: PASSWORD
    WAITING:

A possible response is

    PASSWORD 0/G^f)_W9-r'Td.pD=D::0o+YfL-d-m>ia\*7i;@'7

The monitor sends back something like this:

    RESULT: PASSWORD 8QQVEJGSJWQ7IGQ0EUB
    REQUIRE: HOST_PORT
    WAITING:

The value 8QQVEJGSJWQ7IGQ0EUB is called the monitor password or the cookie. It is needed to log in to the monitor when an ALIVE is received. For example, the monitor sends

    REQUIRE: ALIVE
    WAITING:

and the response of the player (either the active client or the passive server; either one may send the ALIVE itself) is

    ALIVE 8QQVEJGSJWQ7IGQ0EUB

Checksum:
The purpose of the checksum is to authenticate the monitor. The message group

    PARTICIPANT_PASSWORD_CHECKSUM: 1ead131dd863da2ef558580d29080af8effa6d7
    RESULT: IDENT
    REQUIRE: ALIVE
    WAITING:

contains the checksum. It is the user's responsibility to use the checksum to authenticate the monitor before proceeding with the ALIVE. The checksum is a SHA-1 digest of the participant's password, represented in hexadecimal. If the checksum matches the hash of the password, the player can be assured that whatever it is talking to knows its password (well, maybe the password was stolen - but hopefully not). You might use code such as the following to make this check (I have not checked this, but it has the important characteristics, such as BigInteger(1,md.digest()), big.toString(16), and equals instead of ==):

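    import java.math.BigInteger;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;

    // Returns true only if chksum is the hex SHA-1 digest of the upper-cased password.
    public boolean Verify(String passwd, String chksum) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA");  // "SHA" is SHA-1
            md.update(passwd.toUpperCase().getBytes());
            // Signum 1 keeps the digest non-negative before the hex conversion
            BigInteger big = new BigInteger(1, md.digest());
            if (big.toString(16).equals(chksum.trim())) return true;
        } catch (NoSuchAlgorithmException e) {
            // No SHA-1 provider available: treat the monitor as unverified
        }
        return false;
    }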
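
The check above placed in the login flow, as an added example (not part of the original page or the monitor's own code): the ALIVE reply carrying the cookie is produced only after the checksum in the message group verifies. It assumes each directive arrives on its own line; the class name, method names, password and cookie are hypothetical or constructed, and the password is upper-cased as in Verify above.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

public class MonitorCheck {  // hypothetical name, not from the page
    static final String TAG = "PARTICIPANT_PASSWORD_CHECKSUM:";

    // SHA-1 of the upper-cased password as a non-negative integer.
    static BigInteger digestOf(String passwd) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        byte[] in = passwd.toUpperCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return new BigInteger(1, md.digest(in));
    }

    // Returns the ALIVE reply only when the group requires ALIVE and carries a
    // matching checksum; returns null if it is missing, malformed or wrong.
    static String aliveReply(String group, String passwd, String cookie)
            throws NoSuchAlgorithmException {
        boolean verified = false, aliveRequired = false;
        for (String line : group.split("\\R")) {
            line = line.trim();
            if (line.startsWith(TAG)) {
                String hex = line.substring(TAG.length()).trim();
                // toString(16) drops leading zeros, so a valid checksum may be
                // shorter than 40 digits: compare values, not string lengths.
                if (!hex.matches("[0-9a-fA-F]{1,40}")) return null;
                verified = new BigInteger(hex, 16).equals(digestOf(passwd));
            } else if (line.equals("REQUIRE: ALIVE")) {
                aliveRequired = true;
            }
        }
        return (verified && aliveRequired) ? "ALIVE " + cookie : null;
    }

    public static void main(String[] args) throws Exception {
        String passwd = "example-password";   // constructed sample
        String cookie = "EXAMPLECOOKIE0123";  // constructed sample
        String tail = "\nRESULT: IDENT\nREQUIRE: ALIVE\nWAITING:";
        String good = TAG + " " + digestOf(passwd).toString(16) + tail;
        String bad = TAG + " " + digestOf("wrong-guess").toString(16) + tail;
        System.out.println(aliveReply(good, passwd, cookie));        // genuine monitor
        System.out.println(aliveReply(bad, passwd, cookie));         // wrong checksum
        System.out.println(aliveReply(tail.trim(), passwd, cookie)); // no checksum sent
    }
}
```

Parsing the received checksum as a number also accepts upper-case hex and a zero-padded 40-digit form, which a plain string comparison against big.toString(16) would reject.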