Re: Generating session keys in RPG using HASH values -- WEB400

Aaron, no, I meant to say "generated" and what I mean by that is a brute
force program that "generates" and tries on session key after another.

For example:

ABX-->ABY-->ABZ-->ACA-->ACB-->ACC--ACD, etc, etc.

BTW, I did try the GENUUID api, and while I did get a unique identifier, it
ceratinly wasn't random:

FE805115A300A0C9
08A0B5871004C292

FE305115A300A0C9
09B0B5871004C292

FE505115A300A0C9
0960B5871004C292

FE605115A300A0C9
0980B5871004C292

Bob Cozzi says there's a random routine included in the C support on the
iSeries.  I'll be taking a look at that next...


----- Original Message -----
From: "Bartell, Aaron L. (TC)" <ALBartell@taylorcorp.com>
To: "'Web Enabling the AS400 / iSeries'" <web400@midrange.com>
Sent: Thursday, January 16, 2003 2:47 PM
Subject: RE: [WEB400] Generating session keys in RPG using HASH values


> >Using a long alpha-numeric, provided I can truly generate a random set of
> characters each time, does reduce the chance of a session key being
> generated by a brute force method.
>
> I didn't understand your last statement.  Did you mean to say "duplicated"
> instead of "generated"?
>
> Another method would be to use the C API that was mentioned, and record
each
> session key in a file after it has been used.  Then when you create your
> next key check the file to see if that key is currently being used or has
> already been used (depending on how long you wanted to retain state).
>
> Aaron Bartell
>
> -----Original Message-----
> From: Michael Skvarenina [mailto:mskvarenina@usa.net]
> Sent: Thursday, January 16, 2003 1:37 PM
> To: Web Enabling the AS400 / iSeries
> Subject: Re: [WEB400] Generating session keys in RPG using HASH values
>
>
> Well, I don't want to give too much away on this open forum but the
session
> key is used to chain back to a database file to get to the "real" data
which
> then runs the apps.  Using a long alpha-numeric, provided I can truly
> generate a random set of characters each time, does reduce the chance of a
> session key being generated by a brute force method.
>
> ----- Original Message -----
> From: "Bartell, Aaron L. (TC)" <ALBartell@taylorcorp.com>
> To: "'Web Enabling the AS400 / iSeries'" <web400@midrange.com>
> Sent: Thursday, January 16, 2003 2:05 PM
> Subject: RE: [WEB400] Generating session keys in RPG using HASH values
>
>
> > I am in the same boat as Bryan, I wouldn't want to take the chance of
> having
> > the same session id come up.  I would just create a control file and
> > increment a number with an RPG ILE interface.
> >
> > Do you need it to be alpha-numeric?
> >
> > Aaron Bartell
> >
> > -----Original Message-----
> > From: Bryan Yates [mailto:byates@co.collin.tx.us]
> > Sent: Thursday, January 16, 2003 12:43 PM
> > To: Web Enabling the AS400 / iSeries
> > Subject: RE: [WEB400] Generating session keys in RPG using HASH values
> >
> >
> > If you want something guarantied to be unique everytime, why not use the
> > UUID api's which will give you a 128bit unique hex value?
> >
> > -----Original Message-----
> > From: Michael Skvarenina [mailto:mskvarenina@usa.net]
> > Sent: Thursday, January 16, 2003 11:00 AM
> > To: WEB400@midrange.com
> > Subject: [WEB400] Generating session keys in RPG using HASH values
> >
> >
> > I need to generate a pseudo-random character string to be used as a
> session
> > key in my browser applications.  Has anyone used a hashing method in RPG
> to
> > generate a pseudo-random number and if so, could you please post it.
> > _______________________________________________
> > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > To post a message email: WEB400@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> > or email: WEB400-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/web400.
> >
> >
> > _______________________________________________
> > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > To post a message email: WEB400@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> > or email: WEB400-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/web400.
> > _______________________________________________
> > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > To post a message email: WEB400@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> > or email: WEB400-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/web400.
> >
> >
>
>
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> or email: WEB400-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> or email: WEB400-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
>