Cookies with non-crypto-secure random (!887) · Merge requests · ISC Open Source Projects / BIND

Witold Krecicki requested to merge wpk-non-crypto-secure-cookies into master Oct 24, 2018

Use non-cryptographically-secure PRNG to generate a nonce for cookies.

Rationale: the nonce here is only used to make sure there is a low probability of duplication, according to section B.2 of rfc7873. It is only 32-bit, and even if an attacker knows the algorithm used to generate nonces it won't, in any way, give him any platform to attack the server as long as server secret used to sign the (nonce, time) pair with HMAC-SHA1 is secure.

On the other hand, currently, each packet sent requires (unnecessarily) a CS pseudo-random number which is ineffective.

Edited Oct 24, 2018 by Witold Krecicki

Cookies with non-crypto-secure random

Merge request reports