On Thu, Jan 10, 2002 at 12:38:09PM -0500, Ryan M Harris wrote: > What is the most secure way of generating a session number? > > I have used the following formula in the past. Is it secure (from a > randomness perspective)? Any way to make it more secure/random? > > sessionid = md5( <REMOTE_IP> + REMOTE_USER_AGENT> + rand() (5 bytes from > here) + microtime() ) Let's have a look at the needs for a session id: a.) it has to be unique for your application being able to distinguish different instances of itself. b.) it has to be unpredictable from the security point of view. - in this order. First, it has to be robust then one can harden it. Security without robustness is no good. From the uniqueness point of view REMOTE_IP, REMOTE_USER_AGENT are pointless: one can easily use two browser instances, there are hosts grouped to the same values using a proxy server, etc. Microtime may be the same by co-incidence. The output from rand() is (hopefully - depending on the implementation) random, but for sure randomness doesn't guarantee for uniqueness (see below). One has to /ensure/ uniqueness. Therefore one can take the process id (PID) (on a UNIX-like system). The PID is /defined/ to be unique in the way, that there can be only one process have a given PID at the same time. Of course there is a weakness, too: if some day a system will become so well-performing it can create 32000 processes in a second, you will get the same PID for two processes in a second. Until then, a concatenation of localtime and pid may suffice. The correct way to ensure uniqueness would be using a counter, e.g. from a data base system. From the unpredictability point of view REMOTE_IP, REMOTE_USER_AGENT are pointless, either. Microtime may add some small randomness because computer clocks running inaccurately. But as the scheduler has a far larger periodicity (typical 50-100 task switches / second) this should not be relied on. rand() is defined to return an integer value, which is 16 bit on most systems. Therefore it ranges from 0-65535 - not enough for security concerns. Call rand() 8 times, (or get 16 byte from another good entropy source) you'll get 128 bits. These are practically unpredictable and so you don't need to mangle them with MD5 to hide how your session id is created. (this would be the only benefit MD5 could have here) But all this would be useless, if you don't take care of what is done with this session id, where it is transmitted and stored (esp. in web applications) HTH, Chris -- Christian Recktenwald : : citecs GmbH : chrisat_private : Unternehmensberatung fuer : voice +49 711 601 2090 : Burgstallstrasse 54 EDV und Telekommunikation : fax +49 711 601 2092 : D-70199 Stuttgart
This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 12:20:59 PST