Replies: 1 comment 5 replies
-
I think having such a niche thing configurable at run-time would be overkill. In particular since this sounds like a broken implementation. 32 hex characters is 128 bits of random, which incidentally seems to often be the minimum recommended size for a nonce. |
Beta Was this translation helpful? Give feedback.
5 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I wanted to establish an https connection to an embedded system to retrieve data.
In order to retrieve the data, I have to make an digest authentication against this system with username and password.
This did not work even though the
password
and theusername
was correct.A debug session has shown that it is due to the long
cnonce
length. The embedded system can only process acnonce
length of 16 for whatever reason!If I change the following length from
33
to17
, the connection works.curl/lib/vauth/digest.c
Line 712 in 96f7547
curl/lib/vauth/digest.c
Line 355 in 96f7547
Now my question:
Could we make the length of the
cnonce
configurable and not fix at compile time?Beta Was this translation helpful? Give feedback.
All reactions