On Thu, Jan 10, 2002 at 12:38:09PM -0500, Ryan M Harris wrote:
> What is the most secure way of generating a session number?
>
> I have used the following formula in the past. Is it secure (from a
> randomness perspective)? Any way to make it more secure/random?
>
> sessionid = md5( <REMOTE_IP> + REMOTE_USER_AGENT> + rand() (5 bytes from
> here) + microtime() )
Let's have a look at the needs for a session id:
a.) it has to be unique for your application being able
to distinguish different instances of itself.
b.) it has to be unpredictable from the security point of view.
- in this order. First, it has to be robust then one can harden it.
Security without robustness is no good.
From the uniqueness point of view REMOTE_IP, REMOTE_USER_AGENT are
pointless: one can easily use two browser instances, there are
hosts grouped to the same values using a proxy server, etc.
Microtime may be the same by co-incidence. The output from
rand() is (hopefully - depending on the implementation)
random, but for sure randomness doesn't guarantee for
uniqueness (see below). One has to /ensure/ uniqueness.
Therefore one can take the process id (PID) (on a UNIX-like system).
The PID is /defined/ to be unique in the way, that there
can be only one process have a given PID at the same time.
Of course there is a weakness, too: if some day a system will become
so well-performing it can create 32000 processes in a second,
you will get the same PID for two processes in a second.
Until then, a concatenation of localtime and pid may suffice.
The correct way to ensure uniqueness would be using a counter,
e.g. from a data base system.
From the unpredictability point of view REMOTE_IP, REMOTE_USER_AGENT
are pointless, either. Microtime may add some small randomness because
computer clocks running inaccurately. But as the scheduler has a far larger
periodicity (typical 50-100 task switches / second) this should not
be relied on.
rand() is defined to return an integer value, which is 16 bit
on most systems. Therefore it ranges from 0-65535 - not enough
for security concerns. Call rand() 8 times, (or get 16 byte from
another good entropy source) you'll get 128 bits.
These are practically unpredictable and so you don't need
to mangle them with MD5 to hide how your session id is created.
(this would be the only benefit MD5 could have here)
But all this would be useless, if you don't take care
of what is done with this session id, where it is transmitted
and stored (esp. in web applications)
HTH, Chris
--
Christian Recktenwald : :
citecs GmbH : chrisat_private :
Unternehmensberatung fuer : voice +49 711 601 2090 : Burgstallstrasse 54
EDV und Telekommunikation : fax +49 711 601 2092 : D-70199 Stuttgart
This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 12:20:59 PST