On Tue, 2008-09-16 at 13:06 +0100, Stephen Paterson wrote: > Hi all, > > Quick question. > Are there any recommended/suggested ways of generating a cnonce for use > with a RFC 2617 compliant UAC or is it just an arbitrary quoted string? > I've found plenty of info on nonce but not so much on cnonce and it > seems I can just pick any old string. > Any references much appreciated.
All the advice on how to generate server nonce values applies to generating cnonce values. They server the same purpose but in opposite directions. Each cnonce value should be something that attacker would be unable to predict. _______________________________________________ Sip-implementors mailing list [email protected] https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
