As long as you have SecureRandom available - you should be OK. (Unless Sun's implementation is bad.)
-Tim
Bill Gorr wrote:
I know that the space is theoretically 128 bit (2^128) but who can promise that it is not made of 12 bits of seed (which are very predictable ..).
I was looking in the archive before my posting and found nothing about it, can you please point out one of the postings?
thanks,
Bill
----- Original Message -----
From: "Tim Funk" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, April 23, 2004 4:40 PM
Subject: Re: session-id prediction
They'd have to be one incredible guesser. Session ids are random and the session ID space is gigantic. Check the archives for a session id duplication discussion that went through all the math details.
-Tim
Bill Gorr wrote:
Hello all,
Is there something in Tomcat that stops an adversary from guessing someone else's session-id and perform a session hijacking?
thanks.
Bill
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
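The concern raised in the thread, that an ID can be 128 bits long yet carry only as much entropy as its seed, shown as an added example (not code from the thread or from Tomcat). It also works the birthday-bound collision estimate that the "duplication" math refers to. The 12-bit seed, the use of `java.util.Random` as the weak generator, the session count, and all class and method names are assumptions for illustration.

```java
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;

public class SessionIdEntropy {
    static final int ID_BYTES = 16;   // 128-bit id, the size quoted in the thread
    static final int SEED_BITS = 12;  // assumed weak seed size, from the question

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    // Hypothetical weak design: 128 output bits fully determined by a small seed.
    static String weakId(int seed) {
        byte[] id = new byte[ID_BYTES];
        new Random(seed).nextBytes(id);
        return hex(id);
    }

    // Same id length, drawn from the platform CSPRNG.
    static String strongId(SecureRandom rng) {
        byte[] id = new byte[ID_BYTES];
        rng.nextBytes(id);
        return hex(id);
    }

    // Birthday approximation: chance that n ids drawn uniformly from 2^bits collide.
    static double collisionProbability(long n, int bits) {
        double x = (double) n * (n - 1) / (2.0 * Math.pow(2, bits));
        return -Math.expm1(-x);
    }

    public static void main(String[] args) {
        // Enumerate every first id the weak generator can produce.
        Set<String> weak = new HashSet<>();
        for (int seed = 0; seed < (1 << SEED_BITS); seed++) weak.add(weakId(seed));
        System.out.println("sample weak id: " + weakId(0) + " (looks like 128 bits)");
        System.out.println("distinct weak ids: " + weak.size() + " of at most " + (1 << SEED_BITS));
        int n = 100_000;  // constructed number of concurrent sessions
        SecureRandom rng = new SecureRandom();
        Set<String> strong = new HashSet<>();
        for (int i = 0; i < n; i++) strong.add(strongId(rng));
        System.out.println("distinct SecureRandom ids: " + strong.size() + " of " + n);
        System.out.println("P(collision), 128 bits: " + collisionProbability(n, 128));
        System.out.println("P(collision), " + SEED_BITS + " bits: " + collisionProbability(n, SEED_BITS));
    }
}
```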
