cURL / Mailing Lists / curl-library / Single Mail


RE: [PATCH] NTLM: use a fake entropy for debug builds

From: Daniel Stenberg <>
Date: Wed, 19 Mar 2014 23:49:02 +0100 (CET)

On Wed, 19 Mar 2014, Steve Holme wrote:

> which as you can see is 14 characters long and isn't hex encoded.
> My understanding of the previous version of code was that it was adding an 8
> byte string to the digest so 64-bits of data - however it was using hex only
> characters ;-)
> I don't know if there is any limit on the maximum string to send so I would
> be a little nervous of changing it for a 16 character string.

Really? The section for 'nonce' in RFC2831 clearly spells out:

  "It is recommended that this string be base64 or hexadecimal data."

That, in combination with the mention of 64 bit entropy really has to mean
that lots of implementations will use a 16-digit (or longer) hex number, don't
you think? I personally wouldn't be too worried about that.

Alternatively, we can base64 encode the 64 bits (which seems a little overkill
to me) or just cut off 8 bits and go down to 14 hex digits.


List admin:
Received on 2014-03-19