Re: Secure random ID generation

From: David Wagner (dawat_private)
Date: Tue Dec 03 2002 - 09:26:10 PST

Next message: Alex Russell: "Re: Secure random ID generation"

Previous message: Ryan M Harris: "Secure random ID generation"
In reply to: Ryan M Harris: "Secure random ID generation"
Next in thread: Ryan M Harris: "RE: Secure random ID generation"
Next in thread: Alex Russell: "Re: Secure random ID generation"
Reply: Ryan M Harris: "RE: Secure random ID generation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ryan M Harris wrote:
>I have a batch of code that is to be used for secure session identifiers
>in a network security system, can you tell me if this formula is good
>for that type of environment.

No, it is not. Your PRNG ("Mersenne twister") is not cryptographically
strong. And you never took any care to ensure that the PRNG was seeded,
which is a very common failure mode.

You can find some information on how to do this right at
http://www.cs.berkeley.edu/~daw/rnd/index.html

Next message: Alex Russell: "Re: Secure random ID generation"
Previous message: Ryan M Harris: "Secure random ID generation"
In reply to: Ryan M Harris: "Secure random ID generation"
Next in thread: Ryan M Harris: "RE: Secure random ID generation"
Next in thread: Alex Russell: "Re: Secure random ID generation"
Reply: Ryan M Harris: "RE: Secure random ID generation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Dec 03 2002 - 12:01:03 PST