Richard, Thanks for replying,
I'm supposed to implement Needham-Schroeder computer security protocol; I'm using OpenSSL to handle the cryptography part of the five messages being exchanged.
In message one for example:
Client A --> CA Server: A, B, Na
Where Na is a random nonce generated by the client A, where it is generated especially for each run of the protocol, the nonce is used to ensure that the messages are timely. Now I believe that the nonce in this protocol in particular must be in a numerical form as the CA server must send (Na -1) back to Client A.
I hope that I was able to give a clear description of my problem, and I apologize if my questions tend to seem a bit obvious, but I'm really new at this.
Thanks again for your help,
Layla.
Richard Levitte - VMS Whacker <[EMAIL PROTECTED]> wrote:
In message <[EMAIL PROTECTED]> on Sun, 19 Sep 2004 07:30:33 -0700 (PDT), Layla <[EMAIL PROTECTED]>said:
layla_a2002> IÃÎ currently working on a project where I must implement
layla_a2002> Needham-Schroeder symmetric key security protocol. During
layla_a2002> the first message exchanged from client A to the CA
layla_a2002> server, the client must send a nonce identifier. This
layla_a2002> nonce must be a random number. I got lost trying to
layla_a2002> figure out the best way to generate a random number using
layla_a2002> OpenSSL.
What form should that number hace, exactly?
layla_a2002> I found the following segment:
layla_a2002>
layla_a2002> #include
layla_a2002>
layla_a2002> // ...
layla_a2002>
layla_a2002> unsigned char rnd[2500];
layla_a2002>
layla_a2002> RAND_pseudo_bytes(rnd,sizeof(rnd));
layla_a2002>
layla_a2002> When I ran this code and attempted to see the contents of
layla_a2002> rnd I got a non-comprehensible output, is that the way
layla_a2002> itÃÔ supposed to be? Ciphered? Or is something wrong?
Well, you're asking for 2500 random bytes. Of course they will really
be random, so what do you expect, other than an incomprehensible
stream of bytes?
layla_a2002> On the other hand, according to the ůetwork Security
layla_a2002> with OpenSSL” book I must use PRNG which requires
layla_a2002> EGADS as a third party package to provide a seed to
layla_a2002> PRNG. Must I really use PRNG or is it designed for more
layla_a2002> sophisticated purposes rather than generating a nonce?
The purpose of RAND_pseudo_bytes is to give you fairly random bytes.
They are perfectly suitable for a random nonce.
layla_a2002> IÃÎ seeking your guidance as I donÃÕ want to end up
layla_a2002> reinventing the wheel or getting stuck in a mess that I
layla_a2002> donÃÕ even need, to get the job done.
Well, I'm missing a description of what you really want. What's the
type of your nonce?
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Do you Yahoo!?
Y! Messenger - Communicate in real time. Download now.
