Glenn Olander <[EMAIL PROTECTED]> writes:
> 5) The strength of the PRNG is largely irrelevant
>
> As a user, I wouldn't trust any solution which lacks a check for
> duplicate session id's, regardless of the strength of the PRNG.

This doesn't seem to me to be a plausible position in view of the fact
that all of our security mechanisms absolutely depend on statistical
uniqueness of randomly generated large numbers.

-Ekr

--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/