W3C home > Mailing lists > Public > xml-encryption@w3.org > July 2001

Re: proposed Nonce attribute

From: Joseph Ashwood <jashwood@arcot.com>
Date: Tue, 3 Jul 2001 11:22:02 -0700
Message-ID: <0a7001c103f0$42b7f130$2a0210ac@livermore>
To: "Amir Herzberg" <AMIR@newgenpay.com>, "'Donald E. Eastlake 3rd'" <dee3@torque.pothole.com>, "Public XML Encryption List" <xml-encryption@w3.org>
----- Original Message -----
From: "Amir Herzberg" <AMIR@newgenpay.com>
> Nonce is usually used for a challenge. I prefer to use `salt` or
> `randomizer` for a value whose only goal is to increase entropy.

Actually 'nonce' is used for the introduction of a one time random value
that may or may not be public. A 'salt' is a long term repeated use value,
commonly used in association with password verification, it is public, and
it's use is simply to make dictionary attacks harder. 'Randomizer' is
basically unused, so it would be acceptable, but I would prefer 'nonce'.
                        Joe
Received on Tuesday, 3 July 2001 14:45:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT