Well, not really. That is the most simple way of doing it. But there are several other ways that are better. One possible idea is to use part of the nonce as a signature of the rest of the nonce. And part of the nonce can be a time stamp. This way the impact of replay attacks and DoS attacks can be minimized. Anyhow, you can do it a lot more complicated than random :) /Alex
-----Original Message----- From: freeradius-devel-bounces+alexander.schrab=axis.com@lists.freer adius.org [mailto:freeradius-devel-bounces+alexander.schrab=axis.com@lis ts.freeradius.org] On Behalf Of Alan DeKok Sent: den 22 september 2006 18:08 To: FreeRadius developers mailing list Subject: Re: rfc4590
Alexander Schrab <Alexander.Schrab@axis.com> wrote:
Oh yeah, I have not implemented challange. This is because it was a bigger task than I expected. We need a nonce creation algorithm, methods for calculating body digest and a few more things. Can do that later, the code is prepared for implementing that feature...
The nonce creation is simply calls to lrad_rand().
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html