PROTOCOL: note re nonce based auth being hard

[hippotat.git] / PROTOCOL

diff --git a/PROTOCOL b/PROTOCOL
index 1a385c3a143e93f180159f4d0347cd9d0618c474..4c4472b0a465634f21f8850eea193c090fab0876 100644 (file)
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -31,6 +31,7 @@ Authentication token is:
         HMAC(secret, <time_t in hex>)
 and the hash function is SHA256
 
+
 Possible future nonce-based authentication:
 
 server keeps big nonce counter for each client
@@ -39,4 +40,5 @@ meaning is:
 also server keeps bitmap of the previous ?64 nonces,
  whether client has sent them
 
-client picks.... xxx
+difficult because client-generated nonces would have to never go
+backwaards which basically means never-rewinding state on the client.