From: silvioprog
Subject: Re: [libmicrohttpd] Some questions about the example "digest_auth_example.c"
Date: Thu, 3 Mar 2016 10:00:35 -0300

No, see:
http://security.stackexchange.com/questions/24425/what-is-the-opaque-field-in-http-digest-access-authentication-used-for
MHD_OPTION_NONCE_NC_SIZE is optional, the value will default to 4 if you
specify none. Note that 4 may be a bit small for real uses.
You can technically also leave out MHD_OPTION_DIGEST_AUTH_RANDOM, but
then you're reducing the security of your authentication as you are no
longer using salted hashes.
Provide a cryptographic salt, and the size of a buffer to manage nonces.
> The example uses the "/dev/urandom" feature, but I need to make a
> cross-platform solution, so can I use a hash like a UUID (I can generate
> it using a own function) instead of using urandom?
For the opaque, sure. For the salt, you may want to make it vary each
time the program runs.
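
An added example, not part of the original mail and not libmicrohttpd's own code: a portable way to obtain a salt that differs on every program start, for use with MHD_OPTION_DIGEST_AUTH_RANDOM. The function name `fill_digest_salt` and the 16-byte `SALT_LEN` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h>              /* link with bcrypt.lib */
#endif

#define SALT_LEN 16              /* assumed size, not taken from the thread */

/* Fill buf with len bytes from the operating system's CSPRNG.
   Returns 0 on success, -1 if the bytes could not be obtained. */
int fill_digest_salt(unsigned char *buf, size_t len)
{
#ifdef _WIN32
    NTSTATUS st = BCryptGenRandom(NULL, buf, (ULONG)len,
                                  BCRYPT_USE_SYSTEM_PREFERRED_RNG);
    return BCRYPT_SUCCESS(st) ? 0 : -1;
#else
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = 0;

    if (f == NULL)
        return -1;
    while (got < len) {          /* tolerate short reads */
        size_t n = fread(buf + got, 1, len - got, f);
        if (n == 0)
            break;
        got += n;
    }
    fclose(f);
    return got == len ? 0 : -1;  /* never accept a partly filled salt */
#endif
}

int main(void)
{
    unsigned char rnd[SALT_LEN];

    /* Fail closed: a predictable or zeroed salt weakens the nonces. */
    if (fill_digest_salt(rnd, sizeof rnd) != 0) {
        fprintf(stderr, "no OS randomness available, not starting\n");
        return 1;
    }
    /* rnd would then be passed when starting the daemon:
       MHD_OPTION_DIGEST_AUTH_RANDOM, sizeof (rnd), rnd, */
    return 0;
}
```

Because the salt is drawn at startup, nonces issued before a restart will no longer validate and clients are simply challenged again.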