PerlMonks  

Re: Re: Secure Session ID values

by BlueLines (Hermit)
on Nov 20, 2001 at 23:51 UTC ( [id://126599]=note )


in reply to Re: Secure Session ID values
in thread Secure Session ID values

ugh. being unique isn't necessarily secure though. i mean, this is a fairly predictable number (in comparison to, say, the md5 sum of time().$$ encrypted with your pgp key). this wouldn't be that difficult to brute force, and if there was something valuable on the other end (money, classified info), then i'm sure someone would try.

i recommend this paper. This guy's perl isn't that great, but the ideas expressed are good, and there are several examples of hijacking session IDs in the real world.



BlueLines

Disclaimer: This post may contain inaccurate information, be habit forming, cause atomic warfare between peaceful countries, speed up male pattern baldness, interfere with your cable reception, exile you from certain third world countries, ruin your marriage, and generally spoil your day. No batteries included, no strings attached, your mileage may vary.
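
The point of the post above (unique is not the same as unpredictable), as an added example that is not part of the original post or thread: it bounds the entropy of an ID built only from the time and PID, and generates an ID from the kernel CSPRNG instead. The 60-second window, the PID limit of 32768, the use of `/dev/urandom` and the function names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Upper bound on the entropy (in bits) of an ID derived only from time() and
# the PID, for an observer who knows the issue time to within $window_secs.
# Hashing without a secret adds nothing: the ID can take at most as many
# values as its inputs can.
sub guessable_bits {
    my ($window_secs, $pid_max) = @_;
    return log($window_secs * $pid_max) / log(2);
}

# Read $nbytes from the kernel CSPRNG and hex-encode them.
# Loops on short reads and dies rather than returning a truncated ID.
sub random_session_id {
    my ($nbytes) = @_;
    $nbytes ||= 16;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $nbytes) {
        my $got = read($fh, $buf, $nbytes - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close($fh);
    return unpack('H*', $buf);
}

# Assumed values: issue time known to within 60 s, PIDs below 32768.
my $weak = md5_hex(time() . $$);
printf "md5(time().\$\$)  : %s (at most %.1f bits)\n",
    $weak, guessable_bits(60, 32768);
printf "16 CSPRNG bytes : %s (128 bits)\n", random_session_id(16);
```

Both IDs print as 32 hex characters, so the length of an ID says nothing about how hard it is to guess.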
