This question here is about creating an authentication scheme. The accepted an开发者_JS百科swer given by AviD states
Your use of a cryptographic nonce is also important, that many tend to skip over - e.g. "lets just use a GUID"...
Which leads me to my question. Why wouldn't you just use a GUID?
Whenever you randomly generate a random number intended to be used in cryptography, you should be really sure that the number is really random. GUIDs tend to be generated based on values that can be discovered, guessed or inferred, such as current system time or a network card MAC address, and thus the nonce could potentially be guessed.
Nonces should be random (or at least non-guessable). GUIDs have quite a bit of non-randomness to them (I'm not sure how many bits of entropy are in a GUID).
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论