> > I found something strange with nonce, the nonce seems never change > nonce_max_count > > auth_param digest nonce_max_count 10 > auth_param digest check_nonce_count yes > auth_param digest nonce_strictness on > > http://www.squid-cache.org/Doc/config/auth_param/ > > With wireshark I'm seeing my nonce like nonce="a7qcucileAouwvp6" ok > no problem, but it still the same after many requests (hundred) > > I also tested with auth_param digest nonce_max_duration 2 minutes, I > need reload my ID/password. > > A bug ? or misunderstanding ? > > Thanks > > I opened a new bug, with also a fix, here http://bugs.squid-cache.org/show_bug.cgi?id=3782 I think that It's a potential security problem about replay attacks Regards Fred
