[JDEV] Still another patch ... (seed the rand() function)

Joe Hildebrand JHildebrand at jabber.com
Tue Oct 14 11:20:19 CDT 2003


I'm not a proper member of the security mafia; I just play one on TV, but
that seems like it would be fine.  As long as the "them" in your sentence is
the seed for the RNG, not the id itself.  I think it's probably good karma
for the id to be both relatively unique and hard to predict.

Too bad you can't just call CoCreateGuid()... :)

-- 
Joe Hildebrand

 

> -----Original Message-----
> From: Matthias Wimmer [mailto:m at tthias.net] 
> Sent: Tuesday, October 14, 2003 3:46 AM
> To: jdev at jabber.org
> Subject: Re: [JDEV] Still another patch ... (seed the rand() function)
> 
> Hi Joe!
> 
> Joe Hildebrand wrote on 2003-10-13 17:36:37:
> > You just want it to be difficult for the attacker to predict when the
> > same id is going to come around again.  If they are *really* unique,
> > this will never be a problem.
> 
> To get them really unique one could just use a timestamp and 
> concatenate a serial number within that timestamp. This will 
> require 136 years to get the same challenge again (for 32 bit 
> timestamps).
> 
> Would you feel better with these challenges?
> 
> 
> See you
>     Matthias
> 
> --
> For kibibytes see:
> http://www.iec.ch/online_news/etech/arch_2003/etech_0503/focus.htm
> 
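
Added example, not part of the original thread and not jabberd code: one way to get a challenge id that is both unique and hard to predict, keeping the timestamp-plus-serial prefix proposed above and appending 128 bits read from the kernel CSPRNG. The names `id_state`, `make_challenge` and `fill_random`, the hex layout and the use of `/dev/urandom` are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define CHALLENGE_LEN 50            /* 8 hex + '-' + 8 hex + '-' + 32 hex */
/* Hypothetical names for this sketch; none of this is jabberd code. */
struct id_state { uint32_t ts; uint32_t serial; };

/* Read len bytes from the kernel CSPRNG; 0 on success, -1 on failure. */
static int fill_random(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;
    if (f == NULL) return -1;
    got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Write "<timestamp>-<serial>-<128 random bits>" as hex into out. */
int make_challenge(struct id_state *st, uint32_t now, char *out, size_t outlen)
{
    unsigned char rnd[16];
    size_t i;
    int n;
    if (outlen < CHALLENGE_LEN + 1) return -1;
    /* Fail closed: never fall back to rand() when the CSPRNG is unavailable. */
    if (fill_random(rnd, sizeof rnd) != 0) return -1;
    /* Uniqueness: a new second resets the serial; the same second (or a
       clock that stepped backwards) keeps the old timestamp and counts up. */
    if (now > st->ts) { st->ts = now; st->serial = 0; }
    else st->serial++;
    n = snprintf(out, outlen, "%08x-%08x-", (unsigned)st->ts, (unsigned)st->serial);
    for (i = 0; i < sizeof rnd; i++)
        snprintf(out + n + 2 * i, 3, "%02x", rnd[i]);
    return 0;
}

int main(void)
{
    struct id_state st = {0, 0};
    char a[CHALLENGE_LEN + 1];
    if (make_challenge(&st, (uint32_t)time(NULL), a, sizeof a) != 0) return 1;
    puts(a);
    return 0;
}
```

The prefix alone is guessable by anyone who knows the server's clock, so the random suffix is what makes the id hard to predict; the prefix only guarantees it does not repeat.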


