Jack Lloyd wrote:
On Wed, Nov 24, 2004 at 10:06:10PM +0000, Ben Laurie wrote:
victor sherbinin wrote:
I'm wondering whether generation of SSL session ID has to be based on
random numbers. In my system, it would be more comfortable for me to
generate a sequentially incrementing 64-bit or 128-bit session ID,
with some constant padding. Does this violate the security of SSL in
any way?
Definitely. If someone can steal your session, they can steal
authentication.
Huh? Wouldn't the attacker have to know the master secret for that session to
actually do anything useful? After all, anyone can see the session id as it
passes in the clear in the server hello -- if SSL could be broken by someone
who knows or can guess a session id, there is something in desperate need of a
fix.
The only problem I can think of is someone reconnecting for that session and
then sending junk, so the session is invalidated. This will cause a performance
hit when the legit client reconnects, and that's about it AFAICT. And if you
want to DoS a SSL server, it seems better to establish a ton of connections and
terminate each one after sending the client key exchange message, which will
probably make their CPU(s) very unhappy doing all the RSA decrypts.
Hmm. This'll teach me to answer this kind of question when I'm drunk :-)
You may be right. I'm going to think about it for a bit.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
