Messages, Basic, Standard - How random does a nonce have to be?
Issue #302
resolved
Don’t we need to define just how random and unique is acceptable for a nonce value? Something like “Must be a 128 bit cryptographically secure randomly generated value or equivalent”? Where we can refer to some appropriate IETF RFC on what ‘cryptographically secure’ means?
Comments (5)
-
-
-
assigned issue to
- changed status to open
check other occurrence of random as well.
-
assigned issue to
-
re
#302change nonce definition Sec 2.3.1. -
re
#302change nonce definition -
- changed status to resolved
Messages was OK. Changed Basic and standard.
- Log in to comment
Here is a copy of definition of Artifact (which is a nonce) from an our predecessor, Artifact Binding draft.
I think it was taken from SAML Artifact Binding.
Having said that, I wonder if our security model depends on the un-predictability of the nonce. Unpredictability requirement comes in only when the attack gains with prediction. If it is a strict onetime nonce, a simple sequence number is strong enough, and that is probably stronger than time limited cryptographic nonce.
Need to double check if we need unpredictability here.