tomcat-dev mailing list archives

From Remy Maucherat <r...@apache.org>
Subject Re: Duplicate session IDs?
Date Mon, 30 Dec 2002 10:07:11 GMT
Bill Barker wrote:
>>"Schnitzer, Jeff" <JSchnitzer@maxis.com> writes:
>>
>>The standard fix for this is to use a cryptographic pseudo-random
>>number generator, such as Java's SecureRandom. SecureRandom
>>automatically seeds itself from allegedly random system data.
>>The probability that two sufficiently long random numbers
>>(e.g. 16 bytes) will collide is vanishing. (E.g. with a 16-byte
>>session ID, you'd have to generate > 2^60 session IDs to have
>>a reasonable chance of collision.)
>>
> 
> 
> Nice to have you back Eric :-)
> 
> As far as I can tell, ManagerBase could really use your expertise on this.
> The current algorithm is really bad :-(

Yes, it would be nice to have a new one for Tomcat 5.

Remy


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>
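
An added example, not part of the thread and not Tomcat's ManagerBase code: a session ID drawn from Java's SecureRandom as the quoted message suggests, with the birthday approximation printed for several ID lengths so the collision argument can be checked. The class and method names are hypothetical.

```java
import java.security.SecureRandom;

public class SessionIdDemo {
    // SecureRandom seeds itself from system entropy; one shared instance is thread-safe.
    private static final SecureRandom RNG = new SecureRandom();
    private static final char[] HEX = "0123456789ABCDEF".toCharArray();

    /** Returns a hex-encoded ID built from numBytes of CSPRNG output. */
    static String newSessionId(int numBytes) {
        byte[] raw = new byte[numBytes];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder(numBytes * 2);
        for (byte b : raw) {
            sb.append(HEX[(b >> 4) & 0x0F]).append(HEX[b & 0x0F]);
        }
        return sb.toString();
    }

    /**
     * Birthday approximation for n = 2^log2Count uniformly random IDs of the
     * given bit length: P(collision) ~= 1 - exp(-n^2 / 2^(bits+1)).
     */
    static double collisionProbability(int log2Count, int bits) {
        double exponent = Math.pow(2.0, 2.0 * log2Count - (bits + 1));
        // expm1 keeps precision when the exponent is tiny.
        return -Math.expm1(-exponent);
    }

    public static void main(String[] args) {
        System.out.println("sample 16-byte ID: " + newSessionId(16));
        int[] idBytes = {4, 8, 16};          // ID lengths to compare
        int[] log2Counts = {16, 32, 60, 64}; // number of IDs issued, as powers of two
        for (int nb : idBytes) {
            for (int lc : log2Counts) {
                System.out.printf("%2d-byte ID, 2^%d IDs issued: P(collision) ~ %.3g%n",
                        nb, lc, collisionProbability(lc, nb * 8));
            }
        }
    }
}
```

The approximation only holds if every bit of the ID comes from the CSPRNG; an ID that mixes in a timestamp or counter has fewer effective random bits than its length suggests.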

