Dirk-Willem van Gulik <[EMAIL PROTECTED]> writes:
> On 9 Jan 2003, Eric Rescorla wrote:
>
> > Remy Maucherat <[EMAIL PROTECTED]> writes:
> > > - A MD5 hash occurs after getting the SecureRandom. This looks like a
> > > mistake, and decreases the quality of the random a lot, but given the
> > > quality of MD5, that shouldn't be noticeable in the real world.
>
> > I think that the MD5 is pointless but it shouldn't decrease the
> > quality of the randomness to any interesting degree.
>
> It makes the value less predictible.
Not if the initial value came out of SecureRandom in the first
place.
> You propably want to argue -what- sort of randomness you want
>
> - unpredicable session id's
> - a unique session id
> - always a guaranteed different session id.
> - session id with no information.
>
> Pick one, pick two, but if you pick three or more you are going to have a
> hard time.
If you use a cryptographically secure PRNG you can get 1,2,4
and 3 with very high probability. The probability of two
properly randomly generated 128-bit numbers colliding is
negligible.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
