
Cookies with non-crypto-secure random

Witold Krecicki requested to merge wpk-non-crypto-secure-cookies into master

Use non-cryptographically-secure PRNG to generate a nonce for cookies.

Rationale: the nonce here is only used to make sure there is a low probability of duplication, according to section B.2 of RFC 7873. It is only 32-bit, and even if an attacker knows the algorithm used to generate nonces it won't, in any way, give him any platform to attack the server as long as the server secret used to sign the (nonce, time) pair with HMAC-SHA1 is secure.

On the other hand, currently, each packet sent requires (unnecessarily) a CS pseudo-random number which is ineffective.

Edited by Witold Krecicki
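Added example, not BIND's own code: a sketch of the server-cookie construction the description relies on, laid out as in RFC 7873 appendix B.2 (nonce || time || truncated hash) with the hash being HMAC-SHA1 keyed by the server secret. The exact fields covered by the HMAC (client cookie and client address), the 8-byte truncation, the seeded non-cryptographic PRNG and the acceptance window are assumptions made for illustration.

```python
import hashlib
import hmac
import random
import struct

NONCE_BITS = 32
COOKIE_LEN = 4 + 4 + 8  # nonce || time || truncated HMAC-SHA1 (assumed layout)


def next_nonce(prng: random.Random) -> int:
    # A non-cryptographic PRNG is sufficient here: the nonce only lowers the
    # chance that two cookies issued in the same second come out identical.
    # It is not a secret, so predicting it gives no forgery capability.
    return prng.getrandbits(NONCE_BITS)


def server_cookie(secret: bytes, client_cookie: bytes, client_ip: bytes,
                  nonce: int, when: int) -> bytes:
    # The (nonce, time) header is bound to the client cookie and client
    # address by an HMAC keyed with the server secret; only the secret
    # protects the cookie against forgery.
    header = struct.pack("!II", nonce & 0xFFFFFFFF, when & 0xFFFFFFFF)
    tag = hmac.new(secret, client_cookie + client_ip + header, hashlib.sha1).digest()
    return header + tag[:8]


def verify_server_cookie(secret: bytes, client_cookie: bytes, client_ip: bytes,
                         cookie: bytes, now: int,
                         max_age: int = 3600, max_skew: int = 300) -> bool:
    # Recompute the cookie from its own header and compare in constant time,
    # then enforce a freshness window (assumed values: 1 h past, 5 min future).
    if len(cookie) != COOKIE_LEN:
        return False
    nonce, when = struct.unpack("!II", cookie[:8])
    expected = server_cookie(secret, client_cookie, client_ip, nonce, when)
    if not hmac.compare_digest(expected, cookie):
        return False
    return -max_skew <= now - when <= max_age


if __name__ == "__main__":
    # Constructed sample values; the seeded PRNG stands in for a non-CS generator.
    secret = b"constructed-server-secret"
    client_cookie = bytes.fromhex("0123456789abcdef")
    client_ip = bytes([192, 0, 2, 1])
    nonce = next_nonce(random.Random(12345))
    cookie = server_cookie(secret, client_cookie, client_ip, nonce, 1700000000)
    print(cookie.hex(), verify_server_cookie(secret, client_cookie, client_ip, cookie, 1700000100))
```

A cookie built with a predictable nonce still verifies only for the issuing server's secret, the same client cookie and the same client address, and only inside the time window.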
