rfc4590

Alexander Schrab Alexander.Schrab at axis.com
Mon Sep 25 07:48:12 CEST 2006


Well, not really. That is the most simple way of doing it. But there are
several other ways that are better. One possible idea is to use part of
the nonce as a signature of the rest of the nonce. And part of the nonce
can be a time stamp. This way the impact of replay attacks and DoS
attacks can be minimized. Anyhow, you can do it a lot more complicated
than random :)

/Alex

> -----Original Message-----
> From: freeradius-devel-bounces+alexander.schrab=axis.com at lists.freeradius.org
> [mailto:freeradius-devel-bounces+alexander.schrab=axis.com at lists.freeradius.org] On Behalf Of Alan DeKok
> Sent: den 22 september 2006 18:08
> To: FreeRadius developers mailing list
> Subject: Re: rfc4590 
> 
> 
> Alexander Schrab <Alexander.Schrab at axis.com> wrote:
> > Oh yeah, I have not implemented challenge. This is because it was a 
> > bigger task than I expected. We need a nonce creation algorithm, 
> > methods for calculating body digest and a few more things. Can do that 
> > later, the code is prepared for implementing that feature...
> 
>   The nonce creation is simply calls to lrad_rand().
> 
>   Alan DeKok.
> --
>   http://deployingradius.com       - The web site of the book
>   http://deployingradius.com/blog/ - The blog
> 
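
The nonce layout suggested in the reply above (a time stamp plus a signature over the rest of the nonce), written out as an added example; it is not code from this thread or from FreeRADIUS. The key, lifetime, field sizes and function names are assumptions chosen for illustration, and HMAC-SHA256 stands in for the unspecified "signature".

```python
import hashlib
import hmac
import os
import struct
import time

# Assumptions for this sketch (none of these names come from FreeRADIUS):
SERVER_KEY = os.urandom(32)  # per-server secret, never sent to clients
MAX_AGE = 30                 # seconds a nonce is accepted after issue
TAG_LEN = 16                 # bytes of HMAC-SHA256 kept as the signature

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def make_nonce(key=SERVER_KEY, now=None):
    """nonce = hex(timestamp(8) || random(8) || HMAC(key, timestamp || random))"""
    ts = int(time.time() if now is None else now)
    body = struct.pack(">Q", ts) + os.urandom(8)
    return (body + _tag(key, body)).hex()

def check_nonce(nonce, key=SERVER_KEY, now=None, max_age=MAX_AGE):
    """Return 'ok', 'stale', 'forged' or 'malformed' without any stored state."""
    try:
        raw = bytes.fromhex(nonce)
    except ValueError:
        return "malformed"
    if len(raw) != 16 + TAG_LEN:
        return "malformed"
    body, tag = raw[:16], raw[16:]
    # Verify the signature first, so the timestamp is only trusted if authentic.
    if not hmac.compare_digest(tag, _tag(key, body)):
        return "forged"
    ts = struct.unpack(">Q", body[:8])[0]
    now = int(time.time() if now is None else now)
    if ts > now or now - ts > max_age:
        return "stale"  # outside the replay window: issue a fresh challenge
    return "ok"

if __name__ == "__main__":
    n = make_nonce()
    print(n, check_nonce(n))
```

Because validity is recomputed from the nonce itself, the server keeps no table of outstanding challenges, and a captured nonce is only usable until `MAX_AGE` expires.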
