18 Nov 19:24
Re: same session id for 2 different users
From: Stefan J. Betz <stefan_betz@...>
Subject: Re: same session id for 2 different users
Newsgroups: gmane.comp.python.cherrypy
Date: 2008-11-18 18:24:23 GMT
Subject: Re: same session id for 2 different users
Newsgroups: gmane.comp.python.cherrypy
Date: 2008-11-18 18:24:23 GMT
Am 2008-11-18 10:04:40 -0800, Tim Roberts schrieb: > The session ID is, in fact, created by taking an SHA digest of a random > number from the random.random() function. That's somewhat misleading, > because the SHA isn't really adding anything; you might as well just > convert random.random() to hex directly. That is, you don't really have > 320 bits of uniqueness: you have 56 bits of uniqueness, because that's > all that is available in a result from random.random(). > > Still, random.random() uses a very good algorithm, and on a Linux system > I believe it is seeded from the entropy pool. It is vanishingly > unlikely that you will get two identical random.random() values in a > reasonable amount of time. Should someone write this in the Wiki? mfg Betz Stefan -- -- Betz Stefan -- Webdesign & Computerservice URL: http://www.stefan-betz.net Mail: info@...
RSS Feed