Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] Re: RWT: Cookies

From: petr:krenzelok:trz:cz at: 5-Mar-2003 13:34

Laurent Chevalier wrote:
> Hi Petr, > > I wrote a bit quickly this morning and I've swallowed some words. I > wanted to say that the entropy provided by the config/log-path file > ensures that a hacker can not guess the initial seed of the random > generator. > > If you use time and if time is not precise enough, then you may be > vulnerable to brute force attacks, but I agree with you the risks are > rather low. > > Moreover, you need to initialize the random generator each time with a > different random/seed to avoid always using the same random sequence. > > IMHO, if you want to keep things simple, I think this would be a bit > more secure : > > random/seed to-string now/precise > id: copy "" > loop 30 [ append id first random "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" ] > id
OK, thanks - then only one question remains for me - what is random/secure option good for? Maybe it restart randomizer and even does some more things to ensure randomizer is "secure" enough? -pekr-