[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGPticket

At 03:52 PM 5/27/98 -0700, Tony Bartoletti wrote:
>  >A client should never sign a challenge on it's own. the challenge should 
>  >have a client random nonce  appended to it, then sign that. the nonce
>  >can in fact be used as a counter challenge for the server to sign (whereby
>  >it also attaches a random nonce)
>Vinnie,  You are absolutely right.  I was led astray by the wording of 6:
>  "The client signs and returns the challenge string with a
>  random nonce appended."

Is appending the nonce good enough, or should you really prepend as well?
The problem is that lots of applications can potentially be tricked by
	sign( "syntactically-correct-stuff,junk" )
while they're less likely to accept messages with the junk first.
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639

Follow-Ups: References: