Hosting Provided By

Re: Secure random ID generation

From: David Wagner <daw(at)mozart.cs.berkeley.edu>
Date: Tue Dec 03 2002 - 12:26:10 EST

Ryan M Harris wrote:
>I have a batch of code that is to be used for secure session identifiers

No, it is not. Your PRNG ("Mersenne twister") is not cryptographically strong. And you never took any care to ensure that the PRNG was seeded, which is a very common failure mode.

You can find some information on how to do this right at http://www.cs.berkeley.edu/~daw/rnd/index.html Received on Tue Dec 3 15:01:15 2002

This message: [ Message body ]
Next message: Alex Russell: "Re: Secure random ID generation"
In reply to Ryan M Harris: "Secure random ID generation"
Next in thread: Ryan M Harris: "RE: Secure random ID generation"
Reply: Ryan M Harris: "RE: Secure random ID generation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT