[REBOL] Re: RWT: Cookies
From: petr:krenzelok:trz:cz at: 5-Mar-2003 13:34
Laurent Chevalier wrote:
> Hi Petr,
> I wrote a bit quickly this morning and I've swallowed some words. I
> wanted to say that the entropy provided by the config/log-path file
> ensures that a hacker can not guess the initial seed of the random
> If you use time and if time is not precise enough, then you may be
> vulnerable to brute force attacks, but I agree with you the risks are
> rather low.
> Moreover, you need to initialize the random generator each time with a
> different random/seed to avoid always using the same random sequence.
> IMHO, if you want to keep things simple, I think this would be a bit
> more secure :
> random/seed to-string now/precise
> id: copy ""
> loop 30 [ append id first random "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" ]
OK, thanks - then only one question remains for me - what is
random/secure option good for? Maybe it restart randomizer and even does
some more things to ensure randomizer is "secure" enough?