[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DIGEST-MD5 and {nonce,cnonce}

> - Very wise, If you're really interested in the why's and wherefore's
> of how to generate entrophy, I suggest you read Bruce Schneier's 
> Applied Cryptography.

Actually, I did, right after it came out.  I skipped over the parts about
PRNG's and entropy, since I do not implement cryptographic systems meant
to be highly secure.

For most of my purposes, to generate cryptographic hashes, I feed a string
composed of the user's login, password, and the output of time() to MD5.
It's not random, but it's generated on the server, so you have to know
what time it is to the second on the server to be able to do anything with
it.  Not insurmountable, of course, but by the time an attacker could
retrieve a login/password pair, the hash has been regenerated (the hash is
regenerated by the server every few minutes or whenever the page is
reloaded, whichever comes first).
Ed Carp, N7EKG  	erc@pobox.com		940/367-2744 cell phone

Visit http://www.linux-usa.net - Plug-n-Go Linux servers for small business
                                 "Plug it in - Turn it on - You're Done!"