On 9 Jan 2003, Eric Rescorla wrote:
> Remy Maucherat <[EMAIL PROTECTED]> writes:
> > - An MD5 hash occurs after getting the SecureRandom. This looks like a
> >   mistake, and decreases the quality of the random a lot, but given the
> >   quality of MD5, that shouldn't be noticeable in the real world.
>
> I think that the MD5 is pointless but it shouldn't decrease the
> quality of the randomness to any interesting degree.

It makes the value less predictable. But as it adds no information (and one could argue only loses it if the initial information had more than 128 bits of random (which is highly unlikely)) it does not change the 'randomness' itself.

You probably want to argue -what- sort of randomness you want

- unpredictable session id's
- a unique session id
- always a guaranteed different session id.
- session id with no information.

Pick one, pick two, but if you pick three or more you are going to have a hard time.

Dw
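The entropy argument in the message above, as an added example (not code from the thread or from Tomcat): hashing a source with few bits of state yields exactly as many distinct ids as the source had states, and a 256-bit input still comes out as 128 bits. The 12-bit source and all function names are constructed for illustration.

```python
import hashlib
import secrets

DIGEST_BITS = hashlib.md5().digest_size * 8  # MD5 output width: 128 bits


def md5_id(raw: bytes) -> str:
    """Session id as described in the thread: MD5 over the random bytes."""
    return hashlib.md5(raw).hexdigest()


def distinct_ids(seed_bits: int) -> int:
    """Enumerate every state of a constructed source that has only
    `seed_bits` bits of state and count the distinct hashed ids."""
    states = range(2 ** seed_bits)
    return len({md5_id(s.to_bytes(4, "big")) for s in states})


def effective_bits(source_bits: int) -> int:
    """Upper bound on id entropy: the hash adds no bits and cannot
    carry more than its own output width."""
    return min(source_bits, DIGEST_BITS)


def direct_id(nbytes: int = 16) -> str:
    """Id taken straight from the OS CSPRNG, with no hash step."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    # A weak 12-bit source still gives only 2**12 possible ids after MD5.
    print("ids from 12-bit source:", distinct_ids(12))
    # 256 bits in, 128 bits out: this is the only case where MD5 loses anything.
    wide = secrets.token_bytes(32)
    print("256-bit input ->", len(md5_id(wide)) * 4, "bit id")
    print("bound for 64-bit source:", effective_bits(64))
    print("bound for 256-bit source:", effective_bits(256))
    print("direct id:", direct_id())
```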