[Date Prev][Date Next] [Chronological] [Thread] [Top]

DIGEST-MD5 and {nonce,cnonce}


	Another question. How to generate the nonce and cnonce. The draft
says they are implementation dependent, but should have at least 64 bits
of entropy. As far as I know as a security issue, the {c,}nonce should be
unpredictable. So, I am thinking to compute them as a MD5 hash of a struct
timeval returned by gettimeofday. AFAIK, gettimeofday is quite portable
(not POSIX, but SVR4 and BSD 4.3 support it), and it's impossible to
estimate the exact moment (and when I say exact I mean exact by 1e-6
seconds!) when the challenge/response occur. And hashing it should give me
the needed entropy.
	Anyone has a comment on that?