Hold Your Sessions: An Attack on Java Session-Id Generation

13 years 9 months ago

Download research.microsoft.com

HTTP session-id’s take an important role in almost any web site today. This paper presents a cryptanalysis of Java Servlet 128-bit session-id’s and an eﬃcient practical prediction algorithm. Using this attack an adversary may impersonate a legitimate client. Through the analysis we also present a novel, general space-time tradeoﬀ for secure pseudo random number generator attacks.

Zvi Gutterman, Dahlia Malkhi

Real-time Traffic

Cryptology | CTRSA 2005 | Practical Prediction Algorithm | Pseudo Random Number Generator | Servlet 128-bit Session-id |

claim paper

Post Info
More Details (n/a)

Added	29 Jun 2010
Updated	29 Jun 2010
Type	Conference
Year	2005
Where	CTRSA
Authors	Zvi Gutterman, Dahlia Malkhi

Comments (0)

Sciweavers

Hold Your Sessions: An Attack on Java Session-Id Generation

Cryptology | CTRSA 2005 | Practical Prediction Algorithm | Pseudo Random Number Generator | Servlet 128-bit Session-id |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers