> > How hard would it be to change the code to use a SHA or SSHA > hash instead? (Admittedly, I'm picking a more > cryptographically secure hash at psuedo-random; there may be > one that's more appropriate.) Note that I realize they take > longer to generate, but that time only happens at login, not > per page view, and it should reduce the hash collision rate > dramatically. >
It is very simple to change the code. Apache::Session is very modular, so you can specify whihg Generator to use. Go to the Apache::Session source and take a look at Session/Generator/MD5.pm Create a new similar module with your desired alogrithem and specify it as Generatior in the Embperl config Gerald --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
