Safe session IDs
From: Ryan M Harris (rmharris@acdinc.net)
Date: 01/10/02
- Previous message: Ryan Permeh: "Re: DLL Watching"
- Next in thread: Ryan M Harris: "Re: Safe session IDs"
- Reply: Ryan M Harris: "Re: Safe session IDs"
- Reply: Jan Lehnardt: "Re: Safe session IDs"
- Reply: Christian Recktenwald: "Re: Safe session IDs"
- Reply: Josh Daymont: "Re: Safe session IDs"
- Reply: Hector Herrera: "Re: Safe session IDs"
- Reply: Jarno Huuskonen: "Re: Safe session IDs"
- Reply: Adam Osuchowski: "Re: Safe session IDs"
- Reply: Glynn Clements: "Re: Safe session IDs"
- Reply: Ryan M Harris: "Re: Safe session IDs"
- Reply: Michael Wojcik: "RE: Safe session IDs"
From: "Ryan M Harris" <rmharris@acdinc.net>
To: <secprog@securityfocus.com>
Date: Thu, 10 Jan 2002 12:38:09 -0500
What is the most secure way of generating a session number?
I have used the following formula in the past. Is it secure (from a randomness perspective)? Any way to make it more secure/random?
sessionid = md5( <REMOTE_IP> + <REMOTE_USER_AGENT> + rand() (5 bytes from here) + microtime() )
Ryan M Harris
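
Added example, not part of the original post: the posted formula written out in Python next to an ID drawn from the operating system's CSPRNG, with an upper bound on how many unpredictable bits the formula can contain. Assumptions: "5 bytes" is read as five decimal digits, the issue time is known to within one second, and all function names and sample values are constructed for illustration.

```python
import hashlib
import math
import random
import secrets

def legacy_session_id(remote_ip, user_agent, rng, microtime):
    """The posted formula: md5(REMOTE_IP + USER_AGENT + rand() + microtime())."""
    # Assumption: "5 bytes" is read as five decimal digits of PRNG output.
    rand_part = "%05d" % rng.randrange(100_000)
    material = remote_ip + user_agent + rand_part + microtime
    return hashlib.md5(material.encode("utf-8")).hexdigest()

def legacy_entropy_bits(rand_values=100_000, clock_window_us=1_000_000):
    """Upper bound on the unpredictable bits in the legacy ID.

    The IP and User-Agent are not secret: the client and anyone who sees
    its traffic know them. Assumptions: rand() is uniform over rand_values
    outcomes and the issue time is known to within clock_window_us.
    """
    return math.log2(rand_values) + math.log2(clock_window_us)

def csprng_session_id(nbytes=16):
    """Session ID taken directly from the OS CSPRNG: nbytes * 8 bits."""
    return secrets.token_hex(nbytes)

def demo():
    # Constructed sample inputs (documentation address, made-up agent string).
    ip, agent, now = "192.0.2.10", "ExampleBrowser/1.0", "0.12345600 1010684289"
    # Same PRNG state and same clock reading give the same ID: hashing
    # spreads the inputs over 128 bits but adds no unpredictability.
    a = legacy_session_id(ip, agent, random.Random(1234), now)
    b = legacy_session_id(ip, agent, random.Random(1234), now)
    return a, b, legacy_entropy_bits(), csprng_session_id()

if __name__ == "__main__":
    a, b, bits, strong = demo()
    print("legacy IDs equal for equal PRNG state and time:", a == b)
    print("legacy upper bound: %.1f bits (MD5 output is 128 bits wide)" % bits)
    print("CSPRNG ID:", strong)
```

The bound is optimistic: a general-purpose rand() seeded from the clock or the process ID contributes less than its nominal range.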