Opened 9 years ago
Last modified 8 years ago
#264 new defect
Drop Ada.Numerics.Discrete_Random from nonce creation.
Reported by: | Maxim Reznik | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Matreshka - Web Services | Version: | 0.0.4 |
Keywords: | | Cc: | |
Description
I believe Ada.Numerics.Discrete_Random is easily predictable and should not be used as a source for nonce generation in
Web_Services.SOAP.Security.Password_Digest_Utilities
located in design/soap/ws-securit/
Change History (2)
comment:1 by , 9 years ago
comment:2 by , 8 years ago
Some information about cryptographically secure pseudorandom number generators
http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator
There are some references to known standards; we can implement one of them to replace the random generator from the predefined library.
As one approach: use MD5 of Ada.Numerics.Discrete_Random.
In addition, we could provide an API to register a user's random generator.
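
The two ideas raised in the comments, a replacement random source and a registration API, sketched as an added example that is not Matreshka code. It assumes a Unix-like system exposing the kernel CSPRNG as /dev/urandom (it does not implement one of the standards referenced above), and `Random_Source`, `OS_Random`, `Register` and `New_Nonce` are hypothetical names. A hash of a predictable generator's output is as predictable as the generator's state, so the default source here draws from the OS instead.

```ada
--  Added example, not Matreshka code. Assumes a Unix-like OS exposing its
--  CSPRNG as /dev/urandom; every name declared here is hypothetical.
with Ada.Streams; use Ada.Streams;
with Ada.Streams.Stream_IO;
with Ada.Text_IO;

procedure Nonce_Demo is
   package SIO renames Ada.Streams.Stream_IO;

   --  Profile an application implements to plug in its own generator.
   type Random_Source is access procedure (Data : out Stream_Element_Array);

   --  Default source: fill Data from the operating system CSPRNG.
   procedure OS_Random (Data : out Stream_Element_Array) is
      File : SIO.File_Type;
      Last : Stream_Element_Offset;
   begin
      SIO.Open (File, SIO.In_File, "/dev/urandom");
      SIO.Read (File, Data, Last);
      SIO.Close (File);
      if Last /= Data'Last then
         raise Program_Error with "short read from /dev/urandom";
      end if;
   end OS_Random;

   Current : Random_Source := OS_Random'Access;

   --  Registration hook; "not null" rules out an empty source.
   procedure Register (Source : not null Random_Source) is
   begin
      Current := Source;
   end Register;

   function New_Nonce return Stream_Element_Array is
      Result : Stream_Element_Array (1 .. 16);
   begin
      Current (Result);
      return Result;
   end New_Nonce;

   Hex   : constant String := "0123456789abcdef";
   Nonce : constant Stream_Element_Array := New_Nonce;
begin
   for B of Nonce loop
      Ada.Text_IO.Put (Hex (Natural (B) / 16 + 1));
      Ada.Text_IO.Put (Hex (Natural (B) mod 16 + 1));
   end loop;
   Ada.Text_IO.New_Line;
end Nonce_Demo;
```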