Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!sdd.hp.com!spool.mu.edu!snorkelwacker.mit.edu!shelby!FLITS.CS.VU.NL!leendert
From: leendert@FLITS.CS.VU.NL
Newsgroups: comp.protocols.kerberos
Subject: Re: timestamp in authentication process
Message-ID: <9103011115.aa02061@flits.cs.vu.nl>
Date: 1 Mar 91 10:15:13 GMT
References: <9102282018.aa00974@top.cs.vu.nl>
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 17

#> These are just some Sunday morning thoughts, perhaps someone would like
#> to comment on this? For example, I don't see the point in using timestamps;
#> using (unique:-) random numbers as nonces would do just as well. A lot
#> of authentication protocols use random numbers as nonces, these seem to
#> behave much cleaner (no hairy details like synchronized time).
#
# But... where do you get the random numbers from? There are no
# random numbers available on a public workstation before a user logs in.

In my case (Amoeba) that wouldn't be too hard. Every kernel has its own
random generator which is initialized with some hardware-dependent values
(clock, offset of the printbuf, etc.). This mechanism should work equally well
for other systems, I suppose. I know these numbers aren't perfect, but it
all depends on the quality of your random generator and the seed.

	Leendert
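The trade-off discussed in this thread, as an added example that is not part of the original post: timestamp freshness needs a skew window and a replay cache, while nonce freshness depends entirely on the generator's seed. All names are hypothetical, the key and seed are constructed, and Python's `random.Random` stands in for a kernel generator seeded from boot-time hardware values.

```python
import hashlib, hmac, random, secrets

KEY = b"constructed-shared-key"  # constructed sample key
SKEW = 300                       # assumed allowed clock skew, in seconds

def mac(msg: bytes) -> bytes:
    return hmac.new(KEY, msg, hashlib.sha256).digest()

class TimestampVerifier:
    """Freshness from the client's clock: synchronized time plus a replay cache."""
    def __init__(self):
        self.seen = set()
    def verify(self, ts: int, tag: bytes, now: int) -> bool:
        if abs(now - ts) > SKEW:                       # clocks must roughly agree
            return False
        if not hmac.compare_digest(tag, mac(b"ts:%d" % ts)):
            return False
        if ts in self.seen:                            # replay inside the window
            return False
        self.seen.add(ts)
        return True

class NonceVerifier:
    """Freshness from a server-chosen challenge: no clocks, one-shot nonces."""
    def __init__(self, next_nonce):
        self.next_nonce = next_nonce
        self.pending = None
    def challenge(self) -> bytes:
        self.pending = self.next_nonce()
        return self.pending
    def verify(self, tag: bytes) -> bool:
        nonce, self.pending = self.pending, None       # each challenge is used once
        return nonce is not None and hmac.compare_digest(tag, mac(b"n:" + nonce))

def seeded_source(seed: int):
    """Deterministic generator: the same seed yields the same nonce sequence."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(64).to_bytes(8, "big")

def csprng_source():
    """Nonces drawn from the operating system's CSPRNG."""
    return lambda: secrets.token_bytes(16)

def replay_after_reboot(make_source) -> bool:
    """True if a response recorded before a restart is accepted after it."""
    before = NonceVerifier(make_source())
    recorded = mac(b"n:" + before.challenge())         # legitimate client's reply
    after = NonceVerifier(make_source())               # restart with same seed inputs
    after.challenge()
    return after.verify(recorded)
```

With a repeated seed the first challenge after a restart equals the recorded one, so the old response verifies; with `csprng_source` it does not.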