Hi all,

I was thinking about Random number generators, GUIDs and the like, and was wondering what the general opinion of the use of them is.

Firstly, every commerce site has the conundrum of preventing Web session spoofing/Session Hijacking. Typically, it is very insecure to allow the sessions to be incremented for each customer visiting the site. As shown early last year, numerous web sites came under attack, freely spitting out customer information. Therefore, what would be the best solution to preventing Session hijacking?

Secondly, I believe using a solid Random Number generator that creates Session IDs would be a good bet. However, I want to open the debate up for the use of GUID, a Global Unique IDentifier. Used in Unix/NT, these numbers are said to be guaranteed unique and random. However, I have not seen any cryptanalysis or white papers explaining Microsoft's implementation of their GUID generator or any other!

How secure is the MS GUID generator? Any comments? I look forward to your reply.

r1ccard0
0 tolerance Tech.
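Added example, not part of the original post: a format audit for the three kinds of session ID the message compares (an incrementing counter, a GUID, and a token from a random number generator), next to a generator that draws from the OS CSPRNG. It assumes GUIDs follow the RFC 4122 layout; the 64-bit threshold and the sample node/clock values are constructed for illustration and say nothing about Microsoft's generator.

```python
import secrets
import uuid

MIN_BITS = 64  # assumed policy threshold for this example, not from the post


def new_session_id() -> str:
    """128-bit session ID from the OS CSPRNG, hex-encoded (32 chars)."""
    return secrets.token_hex(16)


def guid_random_bits(g: uuid.UUID) -> int:
    """Upper bound on unpredictable bits, assuming RFC 4122 GUID layout."""
    if g.variant != uuid.RFC_4122:
        return 0    # unknown layout: claim nothing
    if g.version == 4:
        return 122  # 128 bits minus 4 version bits and 2 variant bits
    if g.version == 1:
        return 14   # clock sequence; the rest is timestamp and node ID
    return 0        # v3/v5 are name hashes, i.e. deterministic


def audit_session_id(token: str):
    """Return (kind, max_random_bits, acceptable) for a session ID string."""
    if token.isdigit():
        kind, bits = "decimal integer", int(token).bit_length()
    elif len(token) == 36 and token.count("-") == 4:
        try:
            g = uuid.UUID(token)
        except ValueError:
            return ("malformed GUID", 0, False)
        kind, bits = f"GUID v{g.version}", guid_random_bits(g)
    else:
        try:
            kind, bits = "hex token", len(bytes.fromhex(token)) * 8
        except ValueError:
            return ("unrecognised", 0, False)
    return (kind, bits, bits >= MIN_BITS)


if __name__ == "__main__":
    # Constructed samples: a counter, a time-based GUID, a random GUID,
    # and a CSPRNG token.
    v1 = uuid.uuid1(node=0x001122334455, clock_seq=0x1234)
    for sample in ("1001", str(v1), str(uuid.uuid4()), new_session_id()):
        print(sample, audit_session_id(sample))
```

The bit counts are upper bounds read from the format alone: a version 4 GUID or hex token is only as unpredictable as the generator that filled those bits, which the audit cannot see.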
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:04:24 PDT