[krbdev.mit.edu #5425] nonce needs to be random
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Sun Feb 4 21:01:33 EST 2007
On Feb 1, 2007, at 11:48, Ezra Peisach via RT wrote:
> Be careful... I have another issue on record in the database - the
> nonce
> is required to be an unsigned int 32 on the wire...
> To make matters worse - I know that Heimdal is also using an
> integer. Their
> integer handling code is not as generous as ours... If we send an
> unsigned integer
> with the high bit set - then ASN.1 needs I believe 5 bytes for an
> unsigned integer
> and four for a signed... The Heimdal code will reject the encoding.
>
> One solution - which I believe Heimdal uses is that the nonces are
> randomly
> chosen and the high bit masked off... Not an ideal solution...
No, it's not, but a 31-bit nonce is better than a fairly predictable
32-bit timestamp.
Ken
More information about the krb5-bugs
mailing list