[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DIGEST-MD5 and {nonce,cnonce}

To: Mihai Ibanescu <misa@necomm.ro>
Subject: Re: DIGEST-MD5 and {nonce,cnonce}
From: Allen Reese <allen@driversoft.com>
Date: Mon, 25 Oct 1999 12:17:14 -0600 (MDT)
Cc: "Kurt D. Zeilenga" <kurt@boolean.net>, openldap-devel@OpenLDAP.org
In-reply-to: <Pine.LNX.4.10.9910252057210.2056-100000@roadrunner.is.necomm.ro>

An alternative to /dev/random is GNU egd entropy gathering daemon.  It is
wha tyou have to install to use GNU pg (privacy guard) if you don't have
/dev/random.

Unfortunately it is GPL and that may conflict with some people and or
licenses....

Allen Reese
Senior Software Engineer
Driversoft, Inc.
allen@driversoft.com

On Mon, 25 Oct 1999, Mihai Ibanescu wrote:

> On Mon, 25 Oct 1999, Kurt D. Zeilenga wrote:
> 
> > At 04:25 PM 10/25/99 +0300, Mihai Ibanescu wrote:
> > >		Hello
> > >
> > >	Another question. How to generate the nonce and cnonce. The draft
> > >says they are implementation dependent, but should have at least 64 bits
> > >of entropy. As far as I know as a security issue, the {c,}nonce should be
> > >unpredictable. So, I am thinking to compute them as a MD5 hash of a struct
> > >timeval returned by gettimeofday. AFAIK, gettimeofday is quite portable
> > >(not POSIX, but SVR4 and BSD 4.3 support it), and it's impossible to
> > >estimate the exact moment (and when I say exact I mean exact by 1e-6
> > >seconds!) when the challenge/response occur. And hashing it should give me
> > >the needed entropy.
> > 
> > As noted by others, gettimeofday is not a good source of entropy.
> > 
> > I suggest that we implement routine in -llutil that uses appropriate
> > mechanisms (as detected through auto configuration) that return
> > the desired about of entropy.
> > 
> > 	int lutil_entropy( char *buf, int nbtyes )
> > 	/* returns nbytes of entropy in buf.  buf must be large
> > 	 * enough to hold nbtytes of data.  lutil_entropy returns
> > 	 * non-zero if unable to fulfill request.
> > 	 */
> > 
> > I would recommend we look at other codes and "borrow" from them
> > as appropriate.
> 
> 	Okay, I already have seen propositions on some options
> (/dev/random, which seems the most reliable, and a PRNG started with a
> seed derived from gettimeofday, all of them hashed with MD5 or something
> like that). Any other alternatives?
> 	I'd like to implement it. 
> 
> Thanks,
> Misa
> 
>

References:
- Re: DIGEST-MD5 and {nonce,cnonce}
  - From: Mihai Ibanescu <misa@necomm.ro>

Prev by Date: Re: DIGEST-MD5 and {nonce,cnonce}
Next by Date: Re: DIGEST-MD5 and the draft
Index(es):
- Chronological
- Thread