UAM secret and challenge password encoding

[PWJW]

When using the uam_secret option within uspot, and an external splash page, the following URL parameters are appended:

challenge and MD

On the server side, when the logon request is made to http://10.0.0.1:3900/logon?username=abc&password=123 how should I be encoding the password from the configred uam_secret?

Coming from coovachilli, this is what we used to return the password to the login URL above:

$challenge = md5(pack('H*', $challenge) . $uamSecret, true);

        while (strlen($challenge) < strlen($password)) {
            $challenge .= $challenge;
        }

        return unpack('H*', substr($password ^ $challenge, 0, strlen($password)))[1];

I am guessing we should be doing something different for uspot?

Thanks

[f00b4r0]

Coming from coovachilli, this is what we used to return the password to the login URL above:

$challenge = md5(pack('H*', $challenge) . $uamSecret, true);

        while (strlen($challenge) < strlen($password)) {
            $challenge .= $challenge;
        }

        return unpack('H*', substr($password ^ $challenge, 0, strlen($password)))[1];

I am guessing we should be doing something different for uspot?

uspot is a drop-in replacement to coovachilli in most cases (my test setup involves mixed coova/uspot clients), so presumably this should work as is.