Safe session IDs

From: Ryan M Harris (rmharrisat_private)
Date: Thu Jan 10 2002 - 09:38:09 PST

Next message: Ryan M Harris: "Re: Safe session IDs"

Previous message: Ryan Permeh: "Re: DLL Watching"
Next in thread: Ryan M Harris: "Re: Safe session IDs"
Reply: Jan Lehnardt: "Re: Safe session IDs"
Reply: Christian Recktenwald: "Re: Safe session IDs"
Reply: Josh Daymont: "Re: Safe session IDs"
Reply: Hector Herrera: "Re: Safe session IDs"
Reply: Jarno Huuskonen: "Re: Safe session IDs"
Reply: Adam Osuchowski: "Re: Safe session IDs"
Reply: Glynn Clements: "Re: Safe session IDs"
Reply: Michael Wojcik: "RE: Safe session IDs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What is the most secure way of generating a session number?

I have used the following formula in the past.  Is it secure (from a
randomness perspective)?  Any way to make it more secure/random?

sessionid = md5( <REMOTE_IP> + REMOTE_USER_AGENT> + rand() (5 bytes from
here) + microtime() )

Ryan M Harris

Next message: Ryan M Harris: "Re: Safe session IDs"
Previous message: Ryan Permeh: "Re: DLL Watching"
Next in thread: Ryan M Harris: "Re: Safe session IDs"
Reply: Jan Lehnardt: "Re: Safe session IDs"
Reply: Christian Recktenwald: "Re: Safe session IDs"
Reply: Josh Daymont: "Re: Safe session IDs"
Reply: Hector Herrera: "Re: Safe session IDs"
Reply: Jarno Huuskonen: "Re: Safe session IDs"
Reply: Adam Osuchowski: "Re: Safe session IDs"
Reply: Glynn Clements: "Re: Safe session IDs"
Reply: Michael Wojcik: "RE: Safe session IDs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 10 2002 - 14:46:01 PST