On Mon, Jan 19, 2009, Chris Tan <[email protected]> wrote:
>> For an estimate of the required sample size, see "A Cryptographic
>> Compendium" by J. Savard, section "The Mersenne Twister"
>> <http://www.quadibloc.com/crypto/co4814.htm>, subsection called
>> "Applications to Cryptography". He writes:
>>
>> "Despite the fact that the Mersenne Twister is an extremely good
>> pseudo-random number generator, it is not cryptographically secure by
>> itself for a very simple reason. It is possible to determine all
>> future states of the generator from the state the generator has at any
>> given time, and either 624 32-bit outputs, or 19,937 one-bit outputs
>> are sufficient to provide that state."
>
> It's actually even weaker than that. A man in the middle attacker
> (e.g. a wifi provider) wouldn't even need to predict the next token;
> sniffing the current token and inserting a script tag into the next
> page the user requests would work perfectly (I'm using the cookie
> method).

Yes, that's just a different threat model. The best random numbers won't save your session cookies if you have a man in the middle listening. But that can be dealt with using SSL if needed. Similarly, even if you're https-only and all, a vulnerable RNG can still be exploited.
