Glenn Olander <[EMAIL PROTECTED]> writes:
> I think you may have misunderstood. I'm just pointing out that, from a
> user's
>
> perspective, a good solution requires two elements:
>
> 1) a good PRNG, such as secureRandom
> 2) a uniqueness guarantee
>
> I'm not saying a PRNG is unneeded. I'm just saying a good one like
> PRNG is good
>
> enough as long as it is accompanied by a uniqueness guarantee. Are you
> saying you
>
> want to remove the uniqueness guarantee?
I'm saying that a strong PRNG with a sufficiently wide session
ID provides a statistical probability of collision so low that
there is no need to explicitly check for uniqueness.
-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
http://www.rtfm.com/
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
