I know that the space is theoretically 128 bits (2^128), but who can promise that it is not made of 12 bits of seed (which are very predictable...).
I was looking in the archive before my posting and found nothing about it. Can you please point out one of the postings?

thanks,
Bill

----- Original Message -----
From: "Tim Funk" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, April 23, 2004 4:40 PM
Subject: Re: session-id prediction

> They'd have to be one incredible guesser. Session ids are random and the
> session ID space is gigantic. Check the archives for a session id duplication
> discussion that went through all the math details.
>
> -Tim
>
> Bill Gorr wrote:
>
> > Hello all,
> >
> > Is there something in Tomcat that stops an adversary from guessing someone else's session-id and perform
> > a session hijacking?
> >
> > thanks.
> >
> > Bill
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
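The question in this thread (a 128-bit ID whose generator is fed only 12 bits of seed) can be measured directly. The following is an added example, not part of the original messages and not Tomcat's session-ID code: `session_id_from_seed`, `distinct_ids`, `effective_entropy_bits` and `csprng_session_id` are hypothetical names, and Python's `random.Random` stands in for any deterministic generator seeded from a small value.

```python
import math
import random
import secrets

SEED_BITS = 12   # hypothetical seed size taken from the question in the thread
ID_BITS = 128    # nominal width of the session id

def session_id_from_seed(seed: int) -> str:
    """Hypothetical weak generator: the id is a pure function of a small seed."""
    rng = random.Random(seed)                    # deterministic, not a CSPRNG
    return f"{rng.getrandbits(ID_BITS):032x}"    # 32 hex chars = 128 bits

def distinct_ids(seed_bits: int) -> int:
    """Count how many different ids the weak generator can ever emit first."""
    return len({session_id_from_seed(s) for s in range(2 ** seed_bits)})

def effective_entropy_bits(seed_bits: int) -> float:
    """Upper bound on the id's entropy: log2 of the reachable id count."""
    return math.log2(distinct_ids(seed_bits))

def csprng_session_id() -> str:
    """Id drawn from the operating system's CSPRNG, for comparison."""
    return secrets.token_hex(ID_BITS // 8)

if __name__ == "__main__":
    reachable = distinct_ids(SEED_BITS)
    print(f"nominal id space : 2^{ID_BITS}")
    print(f"reachable ids    : {reachable}")
    print(f"effective entropy: {effective_entropy_bits(SEED_BITS):.1f} bits")
    print(f"weak id (seed=7) : {session_id_from_seed(7)}")
    print(f"CSPRNG id        : {csprng_session_id()}")
```

The length of the ID says nothing about its unpredictability; what matters is the entropy of whatever seeds the generator, which is the property to verify in the container's configuration.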