Posted to rec.crafts.metalworking
DoN. Nichols
Default New Harbor Freight website has MAJOR security hole!!!

On 2010-04-30, Roger Shoaf wrote:

> "Ignoramus9191" wrote in message
> news
>
> [ ... ]
>
>> On decent websites, cookies are hard to guess. My site algebra.com
>> gives cookies like this:
>>
>> Set-Cookie: algebra_session=99c16b978354929m73a48ag2e1d7a850; path=/;
>>   expires=Mon, 05-Jul-2010 21:21:30 GMT
>>
>> (cookie slightly altered but looks the same as the original). It is not
>> easy to guess someone else's cookie.


> Do the cookies progress randomly or could one deduce the progression or
> regression from a limited sample? It would seem to me that if the cookie
> generation was not given a lot of thought, then on commercial sites, one
> might have the ability to sneak in and poke around.


If I were generating cookies which could be used to access
personal information, I would probably start with the process ID and the
unix raw date, with the digits interleaved by some pattern, and then run
an MD5 checksum on it to generate the actual cookie numbers. Depending
on how serious the stored data was, I would probably toss another few
randomizers into the game.

Enjoy,
DoN.

--
Email: | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
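Added example (not code from any poster in this thread): the derivation DoN sketches, process ID and Unix time interleaved and hashed with MD5, next to a CSPRNG token, with a function that bounds the guessing entropy of each. The point a defender checks is that hashing cannot add entropy its inputs lack: a 32-hex-digit MD5 looks random, but its possible values are limited to PID range times the time window an attacker can narrow the issue time to. The PID range and window used below are assumed illustrative values.

```python
import hashlib
import hmac
import math
import secrets


def interleave_digits(a: str, b: str) -> str:
    """Interleave two digit strings; leftover digits of the longer one are appended."""
    pairs = [x + y for x, y in zip(a, b)]
    longer = a if len(a) > len(b) else b
    pairs.append(longer[min(len(a), len(b)):])
    return "".join(pairs)


def weak_session_id(pid: int, unix_time: int) -> str:
    """The scheme described in the post: MD5 over interleaved PID and timestamp digits.

    Deterministic in (pid, unix_time): two calls with the same inputs give the same id.
    """
    material = interleave_digits(str(pid), str(unix_time)).encode()
    return hashlib.md5(material).hexdigest()


def weak_scheme_entropy_bits(pid_range: int, time_window_seconds: int) -> float:
    """Upper bound on guessing entropy for the weak scheme.

    MD5's 128-bit output is irrelevant; the id space is at most
    pid_range * time_window_seconds distinct inputs.
    """
    return math.log2(pid_range * time_window_seconds)


def strong_session_id(nbytes: int = 16) -> str:
    """CSPRNG token: every one of the 8*nbytes bits is unpredictable."""
    return secrets.token_hex(nbytes)


def strong_scheme_entropy_bits(nbytes: int = 16) -> float:
    return 8.0 * nbytes


def session_ids_match(stored: str, presented: str) -> bool:
    """Constant-time comparison so the check itself leaks nothing about the stored id."""
    return hmac.compare_digest(stored, presented)


if __name__ == "__main__":
    # Assumed illustrative parameters: 15-bit PID space, one-day issue window.
    print(f"weak:   {weak_session_id(1234, 1272672000)}  "
          f"~{weak_scheme_entropy_bits(32768, 86400):.1f} bits")
    print(f"strong: {strong_session_id()}  {strong_scheme_entropy_bits():.0f} bits")
```

With those assumed parameters the weak scheme is bounded at roughly 31 bits regardless of the hash, against 128 bits for the 16-byte CSPRNG token.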