Understanding cookie creation
Ian Bruene
ianbruene at gmail.com
Sun Feb 10 23:03:37 UTC 2019
After looking at the cookie creation code I don't understand how a
server is supposed to extract the keys contained within. It would not
have the data to de-xor the contents of the cookie when presented with
said cookie.
Unless this is just a placeholder?
int make_cookie(uint8_t *cookie,
uint16_t aead,
uint8_t *c2s, uint8_t *s2c, int keylen) {
int length = NTS_COOKIELEN/2;
if (keylen < length)
length = keylen;
*cookie = aead & 0xFF;
for (int i=0; i<length; i++) {
*cookie++ = *c2s++^*s2c++;
}
return length;
}
--
/"In the end; what separates a Man, from a Slave? Money? Power? No. A
Man Chooses, a Slave Obeys."/ -- Andrew Ryan
/"Utopia cannot precede the Utopian. It will exist the moment we are fit
to occupy it."/ -- Sophia Lamb
I work for the Internet Civil Engineering Institute <https://icei.org/>,
help us save the Internet from Entropy!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190210/cfcad163/attachment.html>
More information about the devel
mailing list