On 29/11/2010 15:52, Konstantin Kolinko wrote:
> 2010/11/29 Mark Thomas :
>> Good to see we were thinking along the same lines. I still want to get
>> to the bottom of the really poor performance on my Mac.
>
> Looking at documentation for SecureRandom() constructor, it uses
> whatever implementa
2010/11/29 Mark Thomas :
> Good to see we were thinking along the same lines. I still want to get
> to the bottom of the really poor performance on my Mac.
Looking at documentation for SecureRandom() constructor, it uses
whatever implementation that it finds first. So, configuration of JRE
might
On 29/11/2010 13:41, Tim Funk wrote:
> Sorry for the additional noise ... my svn emails are in a different
> folder from dev emails. I just noticed ...
Good to see we were thinking along the same lines. I still want to get
to the bottom of the really poor performance on my Mac. Before I do
that, I
Sorry for the additional noise ... my svn emails are in a different
folder from dev emails. I just noticed ...
svn commit: r1039882 -
/tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
-Tim
On 11/29/2010 7:40 AM, Tim Funk wrote:
I checked the svn history of why MD5 (hashing was
On 11/25/2010 05:33 PM, Mark Thomas wrote:
How about this as an approach to reduce the complexity:
1. Remove the MD5 code (optional)
2. Default to /dev/urandom then SecureRandom. Don't fall back to Random.
3. Provide a class that implements Random that reads data from a file
4. If randomFile is
I checked the svn history of why MD5 (hashing was used) and the picture
is incomplete. (unless someone asks craig since I think he was the author)
But it appears like this ...
Tomcat 3.X use Math.random() and some misc crap to generate its session
id. It had a comment (paraphrased), "not secure
On Thu, 2010-11-25 at 16:33 +, Mark Thomas wrote:
> I wouldn't call it bad. It doesn't do any harm (apart from adding a very
> small amount of overhead), and it would help if the random source
> selected ended up not being that random.
>
> I thought the trade-off of protection against bad choi
On 25/11/2010 16:10, Remy Maucherat wrote:
> On Thu, 2010-11-18 at 19:59 +, ma...@apache.org wrote:
>> Author: markt
>> Date: Thu Nov 18 19:59:11 2010
>> New Revision: 1036595
>>
>> URL: http://svn.apache.org/viewvc?rev=1036595&view=rev
>> Log:
>> Fix expiration statistics broken by r1036281
>>
On Thu, 2010-11-18 at 19:59 +, ma...@apache.org wrote:
> Author: markt
> Date: Thu Nov 18 19:59:11 2010
> New Revision: 1036595
>
> URL: http://svn.apache.org/viewvc?rev=1036595&view=rev
> Log:
> Fix expiration statistics broken by r1036281
> Add session creation and expiration rate statistics
Author: markt
Date: Thu Nov 18 19:59:11 2010
New Revision: 1036595
URL: http://svn.apache.org/viewvc?rev=1036595&view=rev
Log:
Fix expiration statistics broken by r1036281
Add session creation and expiration rate statistics based on the 100 most
recently created/expired sessions
Modify average se
10 matches
Mail list logo