>>>>> "Carlos" == Carlos Konstanski <[email protected]> writes:
Carlos> The reason I am using /dev/urandom is because I have witnessed
Carlos> other generators repeat themselves. If someone were to get a
Carlos> sessionid that an administrator had previously, that could be
Carlos> enough to give elevated privileges in a webapp.

Are you confusing "guaranteed to generate a distinct series of numbers
from a limited set" with "random"? It's starting to smell like you are.

If you want to ensure non-duplicate numbers over a range, deal from a
pool without replacement. Don't count on a "random number generator" to
not deal the same number twice.

Remember: the sequence "5 5 5 5 5" is a random sequence (one of many :).

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[email protected]> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
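
Added example, not part of the original message: a Python sketch of "deal from a pool without replacement" next to independent draws from the same range, both fed by the OS CSPRNG through the standard `secrets` module. The names `PoolDealer`, `independent_draws` and `has_repeat` are hypothetical, chosen for this illustration.

```python
import secrets


class PoolDealer:
    """Deal each integer in range(size) exactly once, in CSPRNG-chosen order.

    Lazy Fisher-Yates: only displaced slots are stored, so memory grows with
    the number of values dealt, not with the size of the range.
    """

    def __init__(self, size):
        self.remaining = size
        self.moved = {}  # slot index -> value currently sitting in that slot

    def deal(self):
        if self.remaining == 0:
            raise RuntimeError("pool exhausted")
        i = secrets.randbelow(self.remaining)  # pick among undealt slots
        last = self.remaining - 1
        value = self.moved.get(i, i)
        # Move the last undealt value into the slot just vacated.
        self.moved[i] = self.moved.get(last, last)
        self.moved.pop(last, None)
        self.remaining = last
        return value


def independent_draws(size, count):
    """Draw `count` values from range(size) with replacement."""
    return [secrets.randbelow(size) for _ in range(count)]


def has_repeat(values):
    """True if any value occurs more than once."""
    return len(set(values)) != len(values)


if __name__ == "__main__":
    dealer = PoolDealer(10)
    print("dealt from pool  :", [dealer.deal() for _ in range(10)])
    print("independent draws:", independent_draws(10, 10))
```

The dealer never repeats a value however good or bad the generator is; the independent draws can repeat even with a perfect generator, and must repeat once more values are drawn than the range holds.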
