digest: append the timer to the random for the nonce

diff --git a/lib/http_digest.c b/lib/http_digest.c
index 50ccc05ad215f65ec63e53bb682026c25a9f5a63..bc8e23d43d8f0fc2452013246072f0038bf215fb 100644 (file)
--- a/lib/http_digest.c
+++ b/lib/http_digest.c
@@ -375,8 +375,11 @@ CURLcode Curl_output_digest(struct connectdata *conn,
     d->nc = 1;
 
   if(!d->cnonce) {
-    snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x",
-             Curl_rand(data), Curl_rand(data));
+    struct timeval now = Curl_tvnow();
+    snprintf(cnoncebuf, sizeof(cnoncebuf), "%08x%08x%08x%08x",
+             Curl_rand(data), Curl_rand(data),
+             (unsigned int)now.tv_sec,
+             (unsigned int)now.tv_usec);
 
     rc = Curl_base64_encode(data, cnoncebuf, strlen(cnoncebuf),
                             &cnonce, &cnonce_sz);