How about using the UUID plus requiring that the orginating IP be the same, and 
then adding a time stamp to expire the id after a period of time?

-----Original Message-----
From: Michael Skvarenina [mailto:mskvarenina@usa.net]
Sent: Thursday, January 16, 2003 2:07 PM
To: Web Enabling the AS400 / iSeries
Subject: Re: [WEB400] Generating session keys in RPG using HASH values


Tom, the hashing and/or "randomness" of the data is for security reasons,
not just to ensure uniqueness.  We're trying to generate a random key that
someone couldn't just edit with Notepad and resend to our server.  The
hashing I was asking about came from a paper I read that used a hashing
routine to generate pseudo-random numbers.  Actually Bryan Yates idea about
using the UUID api sounds really good and I'm in the process of trying it
right now.


----- Original Message -----
From: "Tom Jedrzejewicz @ San Pedro" <TJedrzejewicz@contessa.com>
To: <web400@midrange.com>
Sent: Thursday, January 16, 2003 2:54 PM
Subject: Re: [WEB400] Generating session keys in RPG using HASH values


> Why do the hashing?
>
> How about 12i number jjjhhmmssxxx
>       jjj = julian day
>       hhmmss = time
>       xxx = adjusted milliseconds
>
> I is guaranteed unique for a year, a duplicate is a virtual
> impossibility, and you don't have to screw around with figuring out
> API's etc.
>
> Take care.
>
> >>> mskvarenina@usa.net 01/16/03 11:02AM >>>
> Tom, that was my first idea.  I cooked up an algorithm that took the
> timestamp, including the milliseconds and performed a bunch of
> mathematics
> to it but as you can see below, patterns became obvious.  The columns
> were
> as follows:  Milliseconds (note we don't get the full 6 digits in
> RPG),
> adjusted milliseconds, second, minute, hour, minute, calculated
> number,
> substring of calculated number.
>
>  692000   692   04   17   10   16   000172757734260   757734
>  693000   693   04   17   10   16   000173007384165   007384
>  694000   694   04   17   10   16   000173257034070   257034
>  695000   695   04   17   10   16   000173506683975   506683
>  696000   696   04   17   10   16   000173756333880   756333
>  697000   697   04   17   10   16   000174005983785   005983
>  698000   698   04   17   10   16   000174255633690   255633
>  699000   699   04   17   10   16   000174505283595   505283
>  700000   700   04   17   10   16   000174754933500   754933
>  701000   701   04   17   10   16   000175004583405   004583
>  702000   702   04   17   10   16   000175254233310   254233
>  703000   703   04   17   10   16   000175503883215   503883
>  704000   704   04   17   10   16   000175753533120   753533
>  705000   705   04   17   10   16   000176003183025   003183
>  706000   706   04   17   10   16   000176252832930   252832
>
>
>
> ----- Original Message -----
> From: "Tom Jedrzejewicz @ San Pedro" <TJedrzejewicz@contessa.com>
> To: <web400@midrange.com>
> Sent: Thursday, January 16, 2003 1:23 PM
> Subject: Re: [WEB400] Generating session keys in RPG using HASH values
>
>
> > How about getting the current system time out to the millisecond?
> > It isn't random, but it will be unique.
> >
> > >>> mskvarenina@usa.net 01/16/03 08:59AM >>>
> > I need to generate a pseudo-random character string to be used as a
> > session key in my browser applications.  Has anyone used a hashing
> > method in RPG to generate a pseudo-random number and if so, could
> you
> > please post it.
> > _______________________________________________
> > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > To post a message email: WEB400@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> > or email: WEB400-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/web400.
> >
> > THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY
> TO
> WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED,
> CONFIDENTIAL AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW.  If the
> reader
> of this message is not the intended recipient, or the employee or
> agent
> responsible for delivering the message to the intended recipient, you
> are
> hereby notified that any dissemination, distribution, copying,
> downloading,
> storing or forwarding of this communication is prohibited.  If you
> have
> received this communication in error, please notify us immediately via
> email
> and delete the message from your computer files and/or data base.
> Thank
> you.
> > _______________________________________________
> > This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> > To post a message email: WEB400@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> > or email: WEB400-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/web400.
> >
>
>
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> or email: WEB400-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
> THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INDIVIDUAL OR ENTITY TO
WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED,
CONFIDENTIAL AND EXEMPT FROM DISCLOSURE UNDER APPLICABLE LAW.  If the reader
of this message is not the intended recipient, or the employee or agent
responsible for delivering the message to the intended recipient, you are
hereby notified that any dissemination, distribution, copying, downloading,
storing or forwarding of this communication is prohibited.  If you have
received this communication in error, please notify us immediately via email
and delete the message from your computer files and/or data base.  Thank
you.
> _______________________________________________
> This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
> To post a message email: WEB400@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
> or email: WEB400-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/web400.
>
>


_______________________________________________
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo.cgi/web400
or email: WEB400-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.



This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].