simple method for timestamp and nonce


Some internet protocols such as OAuth need timestamps and nonces.

Here comes what 8. Nonce and Timestamp saids in OAuth Core 1.0 Revision A,

Unless otherwise specified by the Service Provider, the timestamp is expressed in the number of seconds since January 1, 1970 00:00:00 GMT. The timestamp value MUST be a positive integer and MUST be equal or greater than the timestamp used in previous requests.
The Consumer SHALL then generate a Nonce value that is unique for all requests with that timestamp. A nonce is a random string, uniquely generated for each request. The nonce allows the Service Provider to verify that a request has never been made before and helps prevent replay attacks when requests are made over a non-secure channel (such as HTTP).

Some just use System.nanoTime().

Let’s do something. As of writing this entry, System.currentTimeMillis() gave me 1354169632072 which has 23 high zero bits.

current millis
    1354169632072
    0x13B4ACCC548
    Thu Nov 29 15:13:52 KST 2012
    0000 0000 0000 0000 0000 0001 0011 1011
    0100 1010 1100 1100 1100 0101 0100 1000

left shift by 3
    10833357056576
    0x9DA56662A40
    Sat Apr 19 10:50:56 KST 2313
    0000 0000 0000 0000 0000 1001 1101 1010
    0101 0110 0110 0110 0010 1010 0100 0000

left shift by 20
    1419949776119529472
    0x13B4ACCC54800000
    Tue Feb 24 15:32:09 KST 44998387
    0001 0011 1011 0100 1010 1100 1100 1100
    0101 0100 1000 0000 0000 0000 0000 0000

Note that shifting 3 bits serves about 300 years.
We can have, by shifting 20 bits, free 20 bits for random number with given timestamps.


// <20-bit shifted current millis> | <20-bit random>

// 000T TTTT TTTT TTTT TTTT TTTT TTTT TTTT
// TTTT TTTT TTTT NNNN NNNN NNNN NNNN NNNN

// this method will be valid for about 300 years
// possibility of collisions: one in a million in the very same millisecond

final long nonce =
    (System.currentTimeMillis() << 20)
    | ThreadLocalRandom.current().nextInt(1048576);

Here are some methods.

public static long nonce(final long timestamp, final Random random) {
    return (timestamp << 20) | random.nextInt(1048576);
}

public static long nonce(final long timestamp) {
    return nonce(timestamp, ThreadLocalRandom.current());
}

public static long nonce(final Random random) {
    return nonce(System.currentTimeMillis(), random);
}

public static long nonce() {
    return nonce(System.currentTimeMillis(), ThreadLocalRandom.current());
}
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s