Is microseconds really populated? I think it's just milliseconds even though resolution is down to microsecond level. Those last three zeros are always zero on the time retrieval on the iSeries I think. I recall looking at something using the time in the last year and noticed that.

But I did say seconds and it would be milliseconds. So a thousand times the number of seconds in the day. But a cracker would be using session IDs generated for upcoming minutes and seeing if they can nab someone's legitimate session handed out during that time.

As for the question someone raised about how critical the session as a guide to efforts expended, it all comes down to money and sensitive information. If a site is serving up neither, then no one cares.

On the other hand, it can't get any less of an effort than to offset the random number with concatenated job number and seconds as I suggested (and will be using myself) and be sequence predictable proof.

rd


Nathan Andelin wrote:
Walden H. Leverich wrote:
I can still easily crack that by running all possible times into
the random number generator until I find your sequence.

Would you have to run all possible times? That would be a big number (86,400,000,000 microseconds in a 24 hour period).

But the idea reminds me of cracking an encryption algorithm by running streams of null characters through the encryption routine and looking for a pattern in the result stream. If the algorithm is strong, you shouldn't be able to see a pattern, even with just one key.

Nathan.
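
Added example, not part of the thread or any poster's code: it sizes the seed space discussed above (milliseconds versus microseconds in a day) and checks, over a one-minute window, how many clock values reproduce an ID from a time-seeded generator, next to an ID drawn from the OS CSPRNG. Python's `random.Random` stands in for whatever generator the posters had in mind, and the function names and sample timestamp are assumptions made for the illustration.

```python
import math
import random
import secrets

MS_PER_DAY = 24 * 60 * 60 * 1000   # 86,400,000 clock values at millisecond resolution
US_PER_DAY = MS_PER_DAY * 1000     # 86,400,000,000, the figure quoted in the thread


def seed_space_bits(candidates: int) -> float:
    """Effective entropy, in bits, of an ID whose only secret is one of `candidates` seeds."""
    return math.log2(candidates)


def time_seeded_id(ms_of_day: int) -> str:
    """Hypothetical weak generator: a PRNG seeded with the time of day in milliseconds."""
    return f"{random.Random(ms_of_day).getrandbits(64):016x}"


def seeds_matching(observed_id: str, start_ms: int, end_ms: int) -> list[int]:
    """Audit helper: every clock value in [start_ms, end_ms) that reproduces observed_id."""
    return [ms for ms in range(start_ms, end_ms) if time_seeded_id(ms) == observed_id]


def csprng_id() -> str:
    """Session ID from the OS CSPRNG: 128 bits, with no clock-derived seed behind it."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    issued_at = 45_296_789                        # constructed sample: 12:34:56.789
    sid = time_seeded_id(issued_at)
    start, end = issued_at - 30_000, issued_at + 30_000   # one minute around issuance
    print("ms/day seed space:", round(seed_space_bits(MS_PER_DAY), 1), "bits")
    print("us/day seed space:", round(seed_space_bits(US_PER_DAY), 1), "bits")
    print("seeds reproducing the ID:", seeds_matching(sid, start, end))
    print("CSPRNG ID:", csprng_id())
```

If the three low-order digits of the microsecond clock are always zero, the microsecond figure collapses to the millisecond one, about 26 bits instead of about 36.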



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
