[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
At 03:52 PM 5/27/98 -0700, Tony Bartoletti wrote:
> >A client should never sign a challenge on it's own. the challenge should
> >have a client random nonce appended to it, then sign that. the nonce
> >can in fact be used as a counter challenge for the server to sign (whereby
> >it also attaches a random nonce)
>Vinnie, You are absolutely right. I was led astray by the wording of 6:
> "The client signs and returns the challenge string with a
> random nonce appended."
Is appending the nonce good enough, or should you really prepend as well?
The problem is that lots of applications can potentially be tricked by
sign( "syntactically-correct-stuff,junk" )
while they're less likely to accept messages with the junk first.
Bill Stewart, email@example.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639