Is microseconds really populated? I think it's just milliseconds
even though resolution is down to microsecond level. Those last three
zeros are always zero on the time retrieval on the iseries I think. I
recall looking at something using the time in the last year and noticed
that.

But I did say seconds and it would be milliseconds. So a thousand
times the number of seconds in the day. But a cracker would be using
session IDs generated for upcoming minutes and seeing if they can nab
someone's legitimate session handed out during that time.

As for the question someone raised about how critical the session as
a guide to efforts expended, it all comes down to money and sensitive
information. If a site is serving up neither, then no one cares.

On the other hand, it can't get any less of an effort than to offset
the random number with concatenated job number and seconds as I
suggested (and will be using myself) and be sequence predictable proof.

rd

Nathan Andelin wrote:

Walden H. Leverich wrote:

I can still easily crack that by running all possible times into
the random number generator until I find your sequence.

Would you have to run all possible times? That would be a big number
(86,400,000,000 microseconds in a 24 hour period).

But the idea reminds me of cracking an encryption algorithm by running
streams of null characters through the encryption routine and looking
for a pattern in the result stream. If the algorithm is strong, you
shouldn't be able to see a pattern, even with just one key.

Nathan.
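
The seed search discussed in this thread, as an added example that is not code from any of the posters: it builds a constructed session ID from a PRNG seeded with the millisecond time of day, checks whether a time window reproduces it, and sets it beside an ID drawn from the OS CSPRNG. The function names, the ID layout and Python's `random`/`secrets` modules are assumptions standing in for the iSeries routines, which the thread does not show.

```python
import random
import secrets

MS_PER_DAY = 86_400 * 1000  # seed space when the clock only resolves milliseconds

def weak_session_id(seed_ms: int, job_number: int) -> str:
    """Constructed scheme: PRNG seeded with ms time of day, then job number
    and seconds concatenated onto the random value."""
    rnd = random.Random(seed_ms).getrandbits(64)
    return f"{rnd:016x}-{job_number:06d}-{seed_ms // 1000:05d}"

def recover_seed(session_id: str, start_ms: int, end_ms: int):
    """Audit helper: return the time seed in [start_ms, end_ms) that reproduces
    the random part of the ID, or None if no seed in the window does."""
    target = int(session_id.split("-")[0], 16)
    for seed in range(start_ms, end_ms):
        if random.Random(seed).getrandbits(64) == target:
            return seed
    return None

def strong_session_id() -> str:
    """256 bits from the OS CSPRNG; there is no seed to enumerate."""
    return secrets.token_urlsafe(32)

if __name__ == "__main__":
    seed = 45_296_123  # constructed sample: 12:34:56.123 as ms since midnight
    sid = weak_session_id(seed, job_number=123456)
    second = int(sid.split("-")[2])  # the concatenated seconds field
    print(sid, "->", recover_seed(sid, second * 1000, (second + 1) * 1000))
    print(strong_session_id())
```

In this constructed layout the seconds field is readable in the ID itself, so it narrows the seed window to 1,000 candidates instead of adding unpredictability.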

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work.