2

Does replacing the values of the nonces in messages 3 and 4 with the cookie values in the headers of these messages, give an attacker any advantage?

The nonce should be randomly chosen while the cookie is generated in a way that the attacker cannot predict. From the attacker's point of view, they might be interchangeable as long as he do not know the local_secret used to generate the cookie.

What is more, according to the RFC the length of the cookie meets the minimal length requirement of the nonce.

Any insights?

LmSNe
  • 21
  • 1

0 Answers0