At 03:52 PM 5/27/98 -0700, Tony Bartoletti wrote:
>A client should never sign a challenge on its own. The challenge should
>have a client random nonce appended to it, then sign that. The nonce
>can in fact be used as a counter challenge for the server to sign (whereby
>it also attaches a random nonce).
Vinnie, you are absolutely right. I was led astray by the wording of 6:
"The client signs and returns the challenge string with a
random nonce appended."
Is appending the nonce good enough, or should you really prepend as well?
The problem is that lots of applications can potentially be tricked by
sign( "syntactically-correct-stuff,junk" )
while they're less likely to accept messages with the junk first.
Thanks!
Bill
Bill Stewart, bill(_dot_)stewart(_at_)pobox(_dot_)com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
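
The append-versus-prepend question raised in this message, as an added example that is not part of the original e-mail: it compares the bytes a client would sign in the append-only form with a framed form where a fixed tag and the client nonce come first. HMAC stands in for the client's public-key signature so the code runs on the standard library alone; the `CONTEXT` tag, the command grammar and the lenient parser are constructed assumptions.

```python
import hashlib, hmac, secrets, struct

CONTEXT = b"auth-challenge-response-v1\x00"  # hypothetical domain-separation tag

def naive_payload(challenge: bytes, client_nonce: bytes) -> bytes:
    # Append-only form from the thread: challenge first, nonce after it.
    return challenge + b"," + client_nonce.hex().encode()

def framed_payload(challenge: bytes, client_nonce: bytes) -> bytes:
    # Fixed tag and client nonce come first; every field is length-prefixed,
    # so the server-chosen bytes never sit at the start of what is signed.
    out = CONTEXT
    for field in (client_nonce, challenge):
        out += struct.pack(">I", len(field)) + field
    return out

def sign(key: bytes, payload: bytes) -> bytes:
    # Stand-in for the client's signature operation (HMAC, stdlib only).
    return hmac.new(key, payload, hashlib.sha256).digest()

def lenient_app_accepts(signed_bytes: bytes) -> bool:
    # Constructed model of an application that reads "COMMAND arg" up to the
    # first comma and ignores whatever follows.
    head = signed_bytes.split(b",", 1)[0]
    parts = head.split(b" ")
    return len(parts) == 2 and parts[0] in (b"APPROVE", b"REVOKE")

def verify_response(key, challenge, client_nonce, tag) -> bool:
    # The verifier rebuilds the exact framed bytes; nothing is parsed leniently.
    expected = sign(key, framed_payload(challenge, client_nonce))
    return hmac.compare_digest(expected, tag)

def demo():
    key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    challenge = b"APPROVE order-17"  # constructed: a challenge shaped like a command
    naive = naive_payload(challenge, nonce)
    framed = framed_payload(challenge, nonce)
    tag = sign(key, framed)
    return {
        "naive_looks_like_command": lenient_app_accepts(naive),
        "framed_looks_like_command": lenient_app_accepts(framed),
        "verifies": verify_response(key, challenge, nonce, tag),
        "wrong_nonce_verifies": verify_response(key, challenge, b"\x00" * 16, tag),
    }
```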