Messages, Basic, Standard - How random does a nonce have to be?

Issue #302 resolved
Michael Jones created an issue

Don’t we need to define just how random and unique is acceptable for a nonce value? Something like “Must be a 128-bit cryptographically secure randomly generated value or equivalent”? Where we can refer to some appropriate IETF RFC on what ‘cryptographically secure’ means?

Comments (5)

  1. Nat Sakimura

    Here is a copy of the definition of Artifact (which is a nonce) from our predecessor, the Artifact Binding draft.

     The Artifact value must 
     include the string constructed from a cryptographically strong 
     random or pseudorandom number sequence [RFC1750] generated by the OP. 
    

    I think it was taken from SAML Artifact Binding.

    Having said that, I wonder if our security model depends on the unpredictability of the nonce. The unpredictability requirement comes in only when the attack gains from prediction. If it is a strict one-time nonce, a simple sequence number is strong enough, and that is probably stronger than a time-limited cryptographic nonce.

    Need to double check if we need unpredictability here.
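The two properties discussed in this thread, one-time use and unpredictability, can be separated in code. The sketch below is an added example, not part of the issue thread or of any specification text; `NonceRegistry`, `SequenceNonce`, `random_nonce` and the 300-second lifetime are hypothetical names and values chosen for illustration.

```python
import itertools
import secrets
import time


def random_nonce() -> str:
    """128 bits from the OS CSPRNG, URL-safe encoded (22 characters)."""
    return secrets.token_urlsafe(16)


class SequenceNonce:
    """Unique but predictable: each value is the previous one plus one."""

    def __init__(self) -> None:
        self._counter = itertools.count(1)

    def __call__(self) -> str:
        return str(next(self._counter))


class NonceRegistry:
    """Issues nonces and accepts each one at most once before it expires."""

    def __init__(self, generate, ttl_seconds: float = 300.0, clock=time.monotonic):
        self._generate = generate      # pluggable source: random or sequence
        self._ttl = ttl_seconds        # assumed lifetime, not from the thread
        self._clock = clock
        self._outstanding = {}         # nonce -> expiry time

    def issue(self) -> str:
        now = self._clock()
        # Drop expired entries so the table does not grow without bound.
        self._outstanding = {n: e for n, e in self._outstanding.items() if e >= now}
        nonce = self._generate()
        if nonce in self._outstanding:
            raise RuntimeError("nonce collision")
        self._outstanding[nonce] = now + self._ttl
        return nonce

    def redeem(self, nonce: str) -> bool:
        # pop() makes redemption one-time: a replay finds nothing to remove.
        expiry = self._outstanding.pop(nonce, None)
        return expiry is not None and self._clock() <= expiry
```

With either generator a replayed value is rejected, because redemption removes it from the table. The generators differ only in whether a party that never received a nonce can name one that is still outstanding, which is the case where the unpredictability requirement matters.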
