From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 4 Aug 2021 10:20:07 +0000 (+0100)
Subject: PROTOCOL: note re nonce based auth being hard
X-Git-Tag: hippotat/1.0.0~348
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ian/git?a=commitdiff_plain;h=2000d12ea724e6c64c020795de51f149b5776c45;p=hippotat.git

PROTOCOL: note re nonce based auth being hard

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/PROTOCOL b/PROTOCOL
index 1a385c3..4c4472b 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -31,6 +31,7 @@ Authentication token is:
         HMAC(secret, <time_t in hex>)
 and the hash function is SHA256
 
+
 Possible future nonce-based authentication:
 
 server keeps big nonce counter for each client
@@ -39,4 +40,5 @@ meaning is:
 also server keeps bitmap of the previous ?64 nonces,
  whether client has sent them
 
-client picks.... xxx
+difficult because client-generated nonces would have to never go
+backwaards which basically means never-rewinding state on the client.