Jan writes:

>       Just out of curiosity: Is your compiler clever enough
>       to do just what you said? In other words, would this
>       attached code fail to produce a random nonce string
>       (the idea apparently criticized by Erik, but I do not care
>       where this came from. It works fine in Hugs-98,
>       February 2000 release). Humor me please :-)
> 
>       nonce :: Int -> String
>       nonce size
>           = take size (filter isAlpha
>                (randoms $ mkStdGen (fst $ unsafePerformIO timeFrom1970)))
> 
> 
>       timeFrom1970 :: IO (Int, Int)
>       -- you can simulate it somehow, but
>       -- source code is available to all
>       -- at www.numeric-quest.com/haskell/bridge/

Off-topic, I know, but even if this worked as I think you intend, it would hardly be 
random and would certainly be unsuitable for use as a nonce.  Applying `mkStdGen' to 
the current time doesn't make it any more random!  You might as well use

nonce size = take size (cycle (map chr (chop_into_smaller_bits timeFrom1970)))

where chop_into_smaller_bits expresses timeFrom1970 in base 36 or something.

An attacker can certainly guess within a few seconds (= a few trials) when your 
connection was negotiated.

--KW 8-)
-- 
: Keith Wansbrough, MSc, BSc(Hons) (Auckland) -------------------:
: PhD Student, Computer Laboratory, University of Cambridge, UK. :
: Native of Antipodean Auckland, New Zealand: 174d47'E, 36d55'S. :
: http://www.cl.cam.ac.uk/users/kw217/ mailto:[EMAIL PROTECTED] :
:----------------------------------------------------------------:
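
Added example, not part of the original messages: a Python analogue of the quoted `nonce`, with `random.Random` standing in for `mkStdGen` and a constructed timestamp. It shows that a clock-seeded generator can emit only as many distinct nonces as there are plausible clock readings, and contrasts it with a nonce drawn from the OS CSPRNG via `secrets`.

```python
import math
import random
import secrets
import string

ALPHA = string.ascii_letters  # same idea as `filter isAlpha` in the quoted code


def time_seeded_nonce(size, seconds):
    """Analogue of the quoted `nonce`: the only secret input is the clock."""
    rng = random.Random(seconds)
    return "".join(rng.choice(ALPHA) for _ in range(size))


def candidate_nonces(size, around, window):
    """Every nonce the generator could have produced if the clock read
    anything within +/- `window` seconds of `around`."""
    return {time_seeded_nonce(size, s): s
            for s in range(around - window, around + window + 1)}


def recover_seed(observed, around, window):
    """Return the clock value that yields `observed`, or None if no
    clock value in the window does."""
    return candidate_nonces(len(observed), around, window).get(observed)


def search_space_bits(window):
    """Effective entropy of a clock-seeded nonce for a given uncertainty."""
    return math.log2(2 * window + 1)


def csprng_nonce(size):
    """Nonce drawn from the operating system's CSPRNG instead of the clock."""
    return "".join(secrets.choice(ALPHA) for _ in range(size))


if __name__ == "__main__":
    negotiated_at = 951_000_000          # constructed timestamp (seconds)
    nonce = time_seeded_nonce(16, negotiated_at)
    # The connection time is known only to within 5 seconds, 3 s off here.
    print("seed found:", recover_seed(nonce, negotiated_at + 3, 5))
    print("clock-seeded entropy: %.1f bits" % search_space_bits(5))
    print("CSPRNG entropy:       %.1f bits" % (16 * math.log2(len(ALPHA))))
    print("CSPRNG nonce in window:",
          recover_seed(csprng_nonce(16), negotiated_at, 5))
```

The output length does not help the clock-seeded version: a 16-character and a 1000-character nonce both carry only the few bits of uncertainty in the timestamp.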


