W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Some comments on Digest Auth

From: Ross Patterson <Ross_Patterson@ns.reston.vmd.sterling.com>
Date: Wed, 21 Jan 98 18:05:14 EST
Message-Id: <199801212335.AA11604@reston.vmd.sterling.com>
To: http-wg@cuckoo.hpl.hp.com
Paul Leach <paulle@microsoft.com> writes:

>>   More important for the current discussion... the standard should not
>>   specify how nonces are constructed.  There are very good reasons for
>>   this:
>>
>>     - Any specified algorithm (no matter how clever) tells an attacker
>>       how the nonce space is limited, thereby weakening the security.
>>
>If it's "limited" to a space of, say, 128 bits, that's adequate to cause
>brute force attacks to take millions of years. Not a problem.  Besides
>which, I carefully said that the nonce _contains_ a time stamp, not that it
>_is_ a timestamp; any server can always include any additional random bits
>that it wants to make the space as big as it would like.

RFC 2069, while suggesting that a good nonce value might involve a timestamp,
does not specify what form a timestamp should take.  I dare say that some of
us will use the System/370 64-bit clock, while others of you will use an
<asctime-date> or even a Triple-DES-encrypted <rfc850-date> with a reading
from the Gita as the key.  All are perfectly valid, and unpredictable from the
spec.  While a particular variety of server may have a limited set of nonces,
the HTTP world will not.  At least, not unless you count Apache's market share
;-)

Ross Patterson
Sterling Software, Inc.
VM Software Division
Received on Wednesday, 21 January 1998 15:33:17 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:11 EDT