Spring Security SEC-1851: DigestAuthenticationEntryPoint should generate really unique nonce values

Vladimir Korolev (Migrated from SEC-1851) said:

RFC 2617 specifies that "nonce" should be uniquely generated. See http://tools.ietf.org/html/rfc2617#page-9. In my case this is used for protection against replay attacks.

DigestAuthenticationEntryPoint uses System.currentTimeMillis() to ensure uniqueness. Obviously this approach will produce duplicate nonces on high load. See attached test.

And here is a real practical problem. Average load on the server is 1 request for new nonce per second. During one hour: - requests for new nonce n = 3600 - available unique nonces N = 3600 * 1000 Probability of obtaining same nonce by two requests: P ~ 1 - e ^ (-n_n/2_N) ~ 1 - e ^ (-0.5) ~ 0.86 (See http://en.wikipedia.org/wiki/Birthday_problem#Approximations). Load testing confirmed a theory. Under load of 100 requests per second each 15th request returned duplicate nonce.

Unfortunately I'm not sure how this should be fixed. Straightforward way is to add a value of global counter as a third part of nonce. More general way is to use a separate bean for nonce-related work: generate nonce, extract expire time from nonce, check integrity of parsed nonce. Then anyone can update only this bean to customize nonce generation.

Comment From: rwinch

Closing because Digest authentication is considered insecure. See gh-9810