Re: Safe session IDs

From: Adam Osuchowski (adwolat_private)
Date: Thu Jan 10 2002 - 15:19:45 PST

Next message: Josh Daymont: "URL for Yarrow PRNG"

Previous message: Jarno Huuskonen: "Re: Safe session IDs"
In reply to: Ryan M Harris: "Safe session IDs"
Next in thread: Glynn Clements: "Re: Safe session IDs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ryan M Harris wrote:
> What is the most secure way of generating a session number?
> 
> I have used the following formula in the past.  Is it secure (from a
> randomness perspective)?  Any way to make it more secure/random?
> 
> sessionid = md5( <REMOTE_IP> + REMOTE_USER_AGENT> + rand() (5 bytes from
> here) + microtime() )

Aside from it I often add extra time(). microtime() is too periodic, and time
still increase. ;))

-- 
##  Adam Osuchowski   adwolat_private, adwolat_private
##  Silesian University of Technology, Computer Centre   Gliwice, Poland

Next message: Josh Daymont: "URL for Yarrow PRNG"
Previous message: Jarno Huuskonen: "Re: Safe session IDs"
In reply to: Ryan M Harris: "Safe session IDs"
Next in thread: Glynn Clements: "Re: Safe session IDs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 12:49:14 PST