perl-embperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre Etchemaite <petch...@concept-micro.com>
Subject Re: Sessions get mixed up ?
Date Mon, 15 Nov 2004 22:35:29 GMT
Le lun 15 nov 2004 18:24:06 CET, Ed Grimm <edgrimm@dsblade00.wat.us.ray.com>
a écrit :

> > Apache::Session generates the id by doing a md5 hash on a random
> > number (time () . {} . Rand() . $$) , maybe there are situation where
> > it generates the same id (also this should normaly not happen).
> 
> MD5 hash collisions very well could have that frequency, at that volume.
> 
> How hard would it be to change the code to use a SHA or SSHA hash
> instead?  (Admittedly, I'm picking a more cryptographically secure hash
> at psuedo-random; there may be one that's more appropriate.)

Collisions with a 128 bits digest are *very* unlikely. It's more likely the
original pseudo random number that provides less than 128 bits of entropy.

---------------------------------------------------------------------
To unsubscribe, e-mail: embperl-unsubscribe@perl.apache.org
For additional commands, e-mail: embperl-help@perl.apache.org


Mime
View raw message