[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DIGEST-MD5 and {nonce,cnonce}

To: Mihai Ibanescu <misa@necomm.ro>
Subject: Re: DIGEST-MD5 and {nonce,cnonce}
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Mon, 25 Oct 1999 10:55:26 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <Pine.LNX.4.10.9910251617260.2056-100000@roadrunner.is.neco mm.ro>

At 04:25 PM 10/25/99 +0300, Mihai Ibanescu wrote:
>		Hello
>
>	Another question. How to generate the nonce and cnonce. The draft
>says they are implementation dependent, but should have at least 64 bits
>of entropy. As far as I know as a security issue, the {c,}nonce should be
>unpredictable. So, I am thinking to compute them as a MD5 hash of a struct
>timeval returned by gettimeofday. AFAIK, gettimeofday is quite portable
>(not POSIX, but SVR4 and BSD 4.3 support it), and it's impossible to
>estimate the exact moment (and when I say exact I mean exact by 1e-6
>seconds!) when the challenge/response occur. And hashing it should give me
>the needed entropy.

As noted by others, gettimeofday is not a good source of entropy.

I suggest that we implement routine in -llutil that uses appropriate
mechanisms (as detected through auto configuration) that return
the desired about of entropy.

	int lutil_entropy( char *buf, int nbtyes )
	/* returns nbytes of entropy in buf.  buf must be large
	 * enough to hold nbtytes of data.  lutil_entropy returns
	 * non-zero if unable to fulfill request.
	 */

I would recommend we look at other codes and "borrow" from them
as appropriate.

Kurt


----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

Follow-Ups:
- Re: DIGEST-MD5 and {nonce,cnonce}
  - From: Mihai Ibanescu <misa@necomm.ro>
- Re: DIGEST-MD5 and {nonce,cnonce}
  - From: Wes Morgan <morganw@engr.sc.edu>

Prev by Date: RE: DIGEST-MD5 and {nonce,cnonce} (fwd)
Next by Date: RE: DIGEST-MD5 and {nonce,cnonce} (fwd)
Index(es):
- Chronological
- Thread