"nonce"和"nonce"之间有什么区别?和"GUID"? [英] What is the difference between a "nonce" and a "GUID"?
问题描述
此问题此处是关于创建身份验证方案的. AviD给出的公认答案
This question here is about creating an authentication scheme. The accepted answer given by AviD states
您对密码随机数的使用是 同样重要的是,许多人往往会跳过 过度-例如让我们只使用GUID" ...
Your use of a cryptographic nonce is also important, that many tend to skip over - e.g. "lets just use a GUID"...
这使我想到了我的问题.您为什么不只使用GUID?
Which leads me to my question. Why wouldn't you just use a GUID?
推荐答案
每当您随机生成打算用于密码学的随机数时,您都应该真的确保该数字为真的是随机的. GUID倾向于基于可以发现,猜测或推断的值(例如当前系统时间或网卡MAC地址)生成,因此可能会猜测到现时.
Whenever you randomly generate a random number intended to be used in cryptography, you should be really sure that the number is really random. GUIDs tend to be generated based on values that can be discovered, guessed or inferred, such as current system time or a network card MAC address, and thus the nonce could potentially be guessed.
这篇关于"nonce"和"nonce"之间有什么区别?和"GUID"?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
