Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!sdd.hp.com!spool.mu.edu!uunet!shelby!B.GP.CS.CMU.EDU!mdl
From: mdl@B.GP.CS.CMU.EDU (Mark Lillibridge)
Newsgroups: comp.protocols.kerberos
Subject: timestamp in authentication process
Message-ID: <9102281918.AA05488@shelby.Stanford.EDU>
Date: 28 Feb 91 19:18:29 GMT
References: <9140@star.cs.vu.nl>
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 10


> These are just some sunday morning thoughts, perhaps someone would like
> to comment on this ? For example, I don't see the point in using timestamps;
> using (unique:-) random numbers as nonces would do just as well. A lot
> of authentication protocols use random numbers as nonces, these seem to
> behave much cleaner (no hairy details like synchronized time).

	But...  where do you get the random numbers from?  There are no
random numbers available on a public workstation before a user logs in.
						- Mark Lillibridge