W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1998

Re: Some comments on Digest Auth

From: Ross Patterson <Ross_Patterson@ns.reston.vmd.sterling.com>
Date: Wed, 21 Jan 98 18:05:14 EST
Message-Id: <199801212335.AA11604@reston.vmd.sterling.com>
To: http-wg@cuckoo.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/5261
Paul Leach <paulle@microsoft.com> writes:

>>   More important for the current discussion... the standard should not
>>   specify how nonces are constructed.  There are very good reasons for
>>   this:
>>     - Any specified algorithm (no matter how clever) tells an attacker
>>       how the nonce space is limited, thereby weakening the security.
>If it's "limited" to a space of, say, 128 bits, that's adequate to cause
>brute force attacks to take millions of years. Not a problem.  Besides
>which, I carefully said that the nonce _contains_ a time stamp, not that it
>_is_ a timestamp; any server can always include any additional random bits
>that it wants to make the space as big as it would like.

RFC 2069, while suggesting that a good nonce value might involve a timestamp,
does not specify what form a timestamp should take.  I dare say that some of
us will use the System/370 64-bit clock, while others of you will use an
<asctime-date> or even a Triple-DES-encrypted <rfc850-date> with a reading
from the Gita as the key.  All are perfectly valid, and unpredictable from the
spec.  While a particular variety of server may have a limited set of nonces,
the HTTP world will not.  At least, not unless you count Apache's market share

Ross Patterson
Sterling Software, Inc.
VM Software Division
Received on Wednesday, 21 January 1998 15:33:17 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:22 UTC