I checked the svn history of why MD5 (hashing was used) and the picture
is incomplete. (unless someone asks craig since I think he was the author)
But it appears like this ...
Tomcat 3.X use Math.random() and some misc crap to generate its session
id. It had a comment (paraphrased), not secure
On 11/25/2010 05:33 PM, Mark Thomas wrote:
How about this as an approach to reduce the complexity:
1. Remove the MD5 code (optional)
2. Default to /dev/urandom then SecureRandom. Don't fall back to Random.
3. Provide a class that implements Random that reads data from a file
4. If randomFile is
Sorry for the additional noise ... my svn emails are in a different
folder from dev emails. I just noticed ...
svn commit: r1039882 -
/tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
-Tim
On 11/29/2010 7:40 AM, Tim Funk wrote:
I checked the svn history of why MD5 (hashing
On 29/11/2010 13:41, Tim Funk wrote:
Sorry for the additional noise ... my svn emails are in a different
folder from dev emails. I just noticed ...
Good to see we were thinking along the same lines. I still want to get
to the bottom of the really poor performance on my Mac. Before I do
that, I
2010/11/29 Mark Thomas ma...@apache.org:
Good to see we were thinking along the same lines. I still want to get
to the bottom of the really poor performance on my Mac.
Looking at documentation for SecureRandom() constructor, it uses
whatever implementation that it finds first. So,
On 29/11/2010 15:52, Konstantin Kolinko wrote:
2010/11/29 Mark Thomas ma...@apache.org:
Good to see we were thinking along the same lines. I still want to get
to the bottom of the really poor performance on my Mac.
Looking at documentation for SecureRandom() constructor, it uses
whatever
On Thu, 2010-11-25 at 16:33 +, Mark Thomas wrote:
I wouldn't call it bad. It doesn't do any harm (apart from adding a very
small amount of overhead), and it would help if the random source
selected ended up not being that random.
I thought the trade-off of protection against bad choices
On Thu, 2010-11-18 at 19:59 +, ma...@apache.org wrote:
Author: markt
Date: Thu Nov 18 19:59:11 2010
New Revision: 1036595
URL: http://svn.apache.org/viewvc?rev=1036595view=rev
Log:
Fix expiration statistics broken by r1036281
Add session creation and expiration rate statistics based
On 25/11/2010 16:10, Remy Maucherat wrote:
On Thu, 2010-11-18 at 19:59 +, ma...@apache.org wrote:
Author: markt
Date: Thu Nov 18 19:59:11 2010
New Revision: 1036595
URL: http://svn.apache.org/viewvc?rev=1036595view=rev
Log:
Fix expiration statistics broken by r1036281
Add session
Author: markt
Date: Thu Nov 18 19:59:11 2010
New Revision: 1036595
URL: http://svn.apache.org/viewvc?rev=1036595view=rev
Log:
Fix expiration statistics broken by r1036281
Add session creation and expiration rate statistics based on the 100 most
recently created/expired sessions
Modify average
10 matches
Mail list logo
