On Mon 15 Nov 2004 18:24:06 CET, Ed Grimm <[EMAIL PROTECTED]>
wrote:

> > Apache::Session generates the id by doing a md5 hash on a random
> > number (time () . {} . Rand() . $$) , maybe there are situations where
> > it generates the same id (also this should normally not happen).
> 
> MD5 hash collisions very well could have that frequency, at that volume.
> 
> How hard would it be to change the code to use a SHA or SSHA hash
> instead?  (Admittedly, I'm picking a more cryptographically secure hash
> at pseudo-random; there may be one that's more appropriate.)

Collisions with a 128-bit digest are *very* unlikely. It's more likely that the
original pseudo-random number provides less than 128 bits of entropy.

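The point made in the reply above, as an added example that is not part of the original thread or of Apache::Session: the chance of duplicate session ids is set by the entropy of the value fed to the hash, not by the 128-bit digest width. The function names and the `entropy_bits` model are assumptions for illustration; the seeds are constructed stand-ins, not a measurement of the real `time() . {} . rand() . $$` string.

```python
import hashlib
import math
import random


def birthday_collision_probability(n_ids: int, entropy_bits: float) -> float:
    """Approximate P(at least one duplicate) among n_ids uniform draws
    from a space of 2**entropy_bits values (birthday bound)."""
    x = n_ids * (n_ids - 1) / 2.0 / (2.0 ** entropy_bits)
    return -math.expm1(-x)  # 1 - e^-x, stays accurate when x is tiny


def simulate(n_ids: int, entropy_bits: int, rng: random.Random):
    """Hash n_ids seeds that carry only entropy_bits of randomness with MD5.

    Returns (duplicate_seeds, duplicate_ids). When the two counts are equal,
    every duplicate id came from a repeated seed, not from an MD5 collision.
    """
    seeds, ids = set(), set()
    for _ in range(n_ids):
        seed = rng.getrandbits(entropy_bits)  # constructed stand-in for the seed string
        seeds.add(seed)
        ids.add(hashlib.md5(str(seed).encode()).hexdigest())
    return n_ids - len(seeds), n_ids - len(ids)


if __name__ == "__main__":
    for bits in (16, 32, 64, 128):
        p = birthday_collision_probability(1_000_000, bits)
        print(f"{bits:>3} bits of seed entropy, 1e6 ids: P(collision) ~ {p:.3g}")
    # Low-entropy seeds: many duplicate ids, all explained by duplicate seeds.
    print("16-bit seeds :", simulate(20_000, 16, random.Random(1)))
    # Full-width seeds: no duplicates at this volume.
    print("128-bit seeds:", simulate(20_000, 128, random.Random(2)))
```

Swapping MD5 for SHA-1 in `simulate` leaves the duplicate counts unchanged, because the repeats originate in the seed.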