> To be more specific, there are two things you need in a challenge > value: uniqueness and unpredictability. Lack of uniqueness allows an > attacker to replay a past response to a future challenge. Predictability > allows an attacker to pre-fetch a correct future response from one of the > parties. > > A counter provides perfect uniqueness (up to its maximum range) but easy > predictability. A physical random source provides great unpredictability A counter is acceptable if it and a value from the entropy pool are run through MD5 or SHA1. The "seed" or current state of the entropy pool must of course be kept in a secure fashion and not revealed. You must not ever re-issue a challenge, etc. The counter must be used properly and not allowed to wrap without some sort of reseeding operation. Otherwise, you will violate the previous condition. I have hardly covered all the points. A good paper seems to be: http://www.counterpane.com/yarrow.html. Mike
This archive was generated by hypermail 2b30 : Tue Jul 30 2002 - 21:36:43 PDT