
Re: DIGEST-MD5 and {nonce,cnonce}



On Mon, 25 Oct 1999, Kurt D. Zeilenga wrote:

> At 04:25 PM 10/25/99 +0300, Mihai Ibanescu wrote:
> > Hello
> >
> > Another question. How to generate the nonce and cnonce. The draft
> > says they are implementation dependent, but should have at least 64 bits
> > of entropy. As far as I know, as a security issue, the {c,}nonce should be
> > unpredictable. So, I am thinking of computing them as an MD5 hash of a struct
> > timeval returned by gettimeofday. AFAIK, gettimeofday is quite portable
> > (not POSIX, but SVR4 and BSD 4.3 support it), and it's impossible to
> > estimate the exact moment (and when I say exact I mean exact to 1e-6
> > seconds!) when the challenge/response occurs. And hashing it should give me
> > the needed entropy.
> 
> As noted by others, gettimeofday is not a good source of entropy.
> 
> I suggest that we implement a routine in -llutil that uses appropriate
> mechanisms (as detected through auto configuration) that returns
> the desired amount of entropy.
> 
> 	int lutil_entropy( char *buf, int nbytes )
> 	/* returns nbytes of entropy in buf.  buf must be large
> 	 * enough to hold nbytes of data.  lutil_entropy returns
> 	 * non-zero if unable to fulfill request.
> 	 */
> 
> I would recommend we look at other codes and "borrow" from them
> as appropriate.

My recommendation for code to 'borrow' would be the entropy code from
ssh-1 (ssh2 is under less free licensing). It should be fairly portable as
well.


-- 
                                           _ __ ___ ____  ___ ___ ___
          Wesley N Morgan                       _ __ ___ | _ ) __|   \
          morganw@engr.sc.edu                       _ __ | _ \._ \ |) |
          FreeBSD: The Power To Serve                  _ |___/___/___/
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
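One way to implement the lutil_entropy-style routine Kurt sketches above, together with a nonce built from it, as an added example that is not OpenLDAP's own code: it assumes a POSIX system with /dev/urandom (the real routine would select the mechanism through autoconf), and the names example_entropy and example_nonce are hypothetical.

```c
/* Added example (not OpenLDAP code): an lutil_entropy-style routine and a
 * DIGEST-MD5 nonce built from it.  Assumes /dev/urandom is available;
 * a real routine would pick the mechanism via autoconf instead. */
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <fcntl.h>

/* Fill buf with nbytes of entropy from the kernel CSPRNG.
 * Returns 0 on success, non-zero if the request cannot be fulfilled. */
int example_entropy(unsigned char *buf, int nbytes)
{
    int fd, got = 0;
    if (buf == NULL || nbytes < 0) return -1;
    fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    while (got < nbytes) {
        ssize_t n = read(fd, buf + got, (size_t)(nbytes - got));
        if (n < 0 && errno == EINTR) continue;   /* retry on signal */
        if (n <= 0) { close(fd); return -1; }     /* short read: fail, never pad */
        got += (int)n;
    }
    close(fd);
    return 0;
}

static const char b64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Produce a nonce: nbytes of entropy (>= 8, the draft's 64-bit minimum),
 * base64-encoded so it is safe inside a quoted DIGEST-MD5 directive.
 * Writes a NUL-terminated string to out; returns its length, or -1 on error. */
int example_nonce(char *out, size_t outlen, int nbytes)
{
    unsigned char raw[64];
    size_t i, o = 0;
    if (out == NULL || nbytes < 8 || nbytes > (int)sizeof raw) return -1;
    if (outlen < 4 * (((size_t)nbytes + 2) / 3) + 1) return -1;
    if (example_entropy(raw, nbytes) != 0) return -1;
    for (i = 0; i < (size_t)nbytes; i += 3) {
        unsigned v = (unsigned)raw[i] << 16;
        if (i + 1 < (size_t)nbytes) v |= (unsigned)raw[i + 1] << 8;
        if (i + 2 < (size_t)nbytes) v |= raw[i + 2];
        out[o++] = b64[(v >> 18) & 63];
        out[o++] = b64[(v >> 12) & 63];
        out[o++] = i + 1 < (size_t)nbytes ? b64[(v >> 6) & 63] : '=';
        out[o++] = i + 2 < (size_t)nbytes ? b64[v & 63] : '=';
    }
    out[o] = '\0';
    memset(raw, 0, sizeof raw);   /* do not leave raw entropy on the stack */
    return (int)o;
}
```

Note that a failed or short read returns an error rather than a partially filled buffer, so a caller never silently issues a low-entropy nonce.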