curl-library

RE: [PATCH] NTLM: use a fake entropy for debug builds

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 19 Mar 2014 23:49:02 +0100 (CET)

On Wed, 19 Mar 2014, Steve Holme wrote:

> which as you can see is 14 characters long and isn't hex encoded.
>
> My understanding of the previous version of code was that it was adding an 8
> byte string to the digest so 64-bits of data - however it was using hex only
> characters ;-)
>
> I don't know if there is any limit on the maximum string to send so I would
> be a little nervous of changing it for a 16 character string.

Really? The section for 'nonce' in RFC2831 clearly spells out:

  "It is recommended that this string be base64 or hexadecimal data."

That, in combination with the mention of 64 bit entropy really has to mean
that lots of implementations will use a 16-digit (or longer) hex number, don't
you think? I personally wouldn't be too worried about that.

Alternatively, we can base64 encode the 64 bits (which seems a little overkill
to me) or just cut off 8 bits and go down to 14 hex digits.

Thoughts?

-- 
  / daniel.haxx.se
Received on 2014-03-19
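
The three encodings weighed in the mail above, side by side, as an added example that is not part of the original message and is not curl's code. The function names `nonce_hex` and `nonce_base64` are hypothetical, and the fixed sample bytes are constructed to stand in for real entropy.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hex-encode n entropy bytes; out must hold 2*n + 1 chars. Returns length. */
static size_t nonce_hex(const unsigned char *in, size_t n, char *out)
{
  static const char digits[] = "0123456789abcdef";
  size_t i;
  for(i = 0; i < n; i++) {
    out[2 * i] = digits[in[i] >> 4];
    out[2 * i + 1] = digits[in[i] & 0x0f];
  }
  out[2 * n] = '\0';
  return 2 * n;
}

/* Base64-encode n bytes with '=' padding; out needs 4*((n+2)/3) + 1 chars. */
static size_t nonce_base64(const unsigned char *in, size_t n, char *out)
{
  static const char tbl[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  size_t i, o = 0;
  for(i = 0; i < n; i += 3) {
    size_t left = n - i;  /* bytes available for this group: 1, 2 or more */
    unsigned long v = (unsigned long)in[i] << 16;
    if(left > 1) v |= (unsigned long)in[i + 1] << 8;
    if(left > 2) v |= in[i + 2];
    out[o++] = tbl[(v >> 18) & 0x3f];
    out[o++] = tbl[(v >> 12) & 0x3f];
    out[o++] = left > 1 ? tbl[(v >> 6) & 0x3f] : '=';
    out[o++] = left > 2 ? tbl[v & 0x3f] : '=';
  }
  out[o] = '\0';
  return o;
}

int main(void)
{
  /* Constructed sample: fixed bytes stand in for 64 bits of real entropy */
  const unsigned char ent[8] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
  char buf[32];
  printf("%zu %s\n", nonce_hex(ent, 8, buf), buf);    /* 64 bits as hex */
  printf("%zu %s\n", nonce_hex(ent, 7, buf), buf);    /* 56 bits as hex */
  printf("%zu %s\n", nonce_base64(ent, 8, buf), buf); /* 64 bits as base64 */
  return 0;
}
```

Each hex digit carries 4 bits, so 64 bits of entropy need 16 hex digits, and an 8-character hex-only string holds 32 bits.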