
The ArangoDB docs discuss a couple nonce functions here:

https://docs.arangodb.com/3.1/Manual/Appendix/JavaScriptModules/Crypto.html

I understand the idea that I would create a nonce, send it to the client, hash a password with the nonce and send it to the server. But I don't really understand how these two functions work together to make this all happen.

Can someone elaborate on this documentation and the process? If I hash the nonce and the password together, how do I compare it to the stored password that's already hashed? Just looking for some guidance on the process. Thanks!

Update with more details:

I'm working on auth code. I guess in general I'm trying to understand the two functions in the ArangoDB crypto library and how they work together. The documentation doesn't elaborate very much. I found this workflow on Wikipedia: https://en.wikipedia.org/wiki/Cryptographic_nonce but I'm not sure I understand it.


  1. Client login page requests a nonce from server. Server provides. Does the server then store this nonce in the user's session for later retrieval?
  2. Client hashes password with nonce from server and a client-created nonce as well and sends the username, client nonce, and encrypted password to the server.
  3. How does the server compare the password hashed with the nonce & client nonce, to the already hashed and stored password in the database? Instead of hashing the password with the nonce & cnonce, should it just be encrypted using one of the nonces as a key?

The ArangoDB crypto library provides two functions: createNonce, which is obvious, but then it provides checkAndMarkNonce. How does this fit into the workflow? How can I check the returned nonce unless I store it in a session var? And how can I check the nonce if it's hashed along with the password? Is this Wikipedia example just wrong, or am I missing some key components?

skinneejoe
  • Can you elaborate on what you want to achieve? Are you trying to write the authentication code for users? – Artjom B. Jun 16 '17 at 05:11
  • I added some further clarification to the original post. – skinneejoe Jun 16 '17 at 12:23
  • Don't use a nonce if you don't know what properties a protocol with such a nonce would exhibit. The protocol that you found on Wikipedia should be discouraged, because it suggests that the password is stored on the server in a recoverable fashion: plaintext or as ciphertext, but decryptable. Nonces are typically used to break replay attacks as in this case. There are probably protocols out there that don't have such a bad behavior as this one. – Artjom B. Jun 16 '17 at 18:26
  • I've checked the implementation of it. The documentation is wrong. The signature should be `crypto.checkAndMarkNonce(nonce): boolean` and returns `true` if the server has seen the passed nonce the first time. It uses some statistical tests that I don't fully understand, but it certainly has an internal in-memory store for that. This seems like a bad idea. See: https://github.com/arangodb/arangodb/blob/3.2/lib/Basics/Nonce.cpp – Artjom B. Jun 16 '17 at 18:51
  • I've opened an issue: https://github.com/arangodb/arangodb/issues/2597 – Artjom B. Jun 16 '17 at 19:08
  • Ok well I'm glad to hear I'm not crazy. The Wikipedia example seemed very confusing. I knew nonces were mostly used to defend against replay attacks, so hashing it with the password seemed just wrong. – skinneejoe Jun 16 '17 at 20:35
  • Interesting that the nonces are stored in memory when encountered for the first time. Seems like a reboot of the server would invalidate the "mark" store. However, I'm no C++ dev, but it looks like checkAndMarkNonce also does some date/time checks too, so maybe the marks only need to be stored for a certain amount of time before the nonce becomes invalid? It will be nice to see if Arango Devs reply to your open issue. Thanks! – skinneejoe Jun 16 '17 at 20:39
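
A sketch of the check-and-mark idea discussed in the comments above, added here as an example; it is not part of the original thread and is not ArangoDB's implementation. The names `issueNonce`, `checkAndMark`, `SERVER_KEY` and `TTL_MS` are hypothetical, and the 5-minute window and per-process key are assumptions. The nonce carries its own timestamp and an HMAC, so the server can recognise it without a session variable, and only used nonces are remembered until they expire.

```javascript
// Added illustration (Node.js); NOT ArangoDB's code. All names are hypothetical.
const crypto = require('crypto');

const SERVER_KEY = crypto.randomBytes(32); // per-process key: nonces issued before a restart stop verifying
const TTL_MS = 5 * 60 * 1000;              // assumed validity window
const seen = new Map();                    // used nonce body -> expiry time (in-memory only)

function mac(body) {
  return crypto.createHmac('sha256', SERVER_KEY).update(body).digest();
}

// Issue "timestamp.random.hmac"; nothing is stored at issue time.
function issueNonce(now = Date.now()) {
  const body = `${now}.${crypto.randomBytes(16).toString('hex')}`;
  return `${body}.${mac(body).toString('hex')}`;
}

// Returns true only the first time a genuine, unexpired nonce is presented.
function checkAndMark(nonce, now = Date.now()) {
  const parts = String(nonce).split('.');
  if (parts.length !== 3) return false;
  const body = `${parts[0]}.${parts[1]}`;
  const expected = mac(body);
  const given = Buffer.from(parts[2], 'hex');
  if (given.length !== expected.length) return false;     // malformed tag
  if (!crypto.timingSafeEqual(given, expected)) return false; // not issued by us
  const issued = Number(parts[0]);
  if (now < issued || now - issued > TTL_MS) return false; // outside the window
  for (const [k, exp] of seen) if (exp <= now) seen.delete(k); // drop expired marks
  // Key the store on the authenticated body, not the raw string, so a
  // re-encoded tag (e.g. upper-case hex) cannot slip past as a "new" nonce.
  if (seen.has(body)) return false;                        // replay
  seen.set(body, issued + TTL_MS);
  return true;
}
```

Because every nonce expires after `TTL_MS`, the mark store only has to remember a nonce for that long, which is the bounded-storage property the last comment speculates about.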

0 Answers