Home » Story links » Param's story links

An Attack on Java Session-Id Generation

Link: http://www.cs.huji.ac.il/~zvikag/ZviGuttermanHomePage.files/...
Points: 733 views User: Param Comments: 0 Comments Tag:

HTTP session-id take an important role in almost any web site today. This paper presents a cryptanalysis of Java Servlet 128-bit session-id and an efficient practical prediction algorithm. Using this attack an adversary may impersonate a legitimate client. Through the analysis we also present a novel, general space-time tradeoff for secure pseudo random number generator attacks.


Email: Email this Story to a Friend

Post new comment

  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <h1> <quote> <img>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.