- Ellen Quaadgras
August 25, 2004, 1:34 am
encrypted cookie with the user's username as an access token. We'd
like to make sure the cookie can't be used in a replay attack & so
plan to include the IP address in it as well.
1. What is an accepted method of encryption for such a cookie? MD5?
Triple-DES? What are the issues to consider when selecting an
2. Is there an accepted standard of what to include in such a cookie?
Expiration time? Other things? We've seen the article at:
http://www.w3.org/Security/Faq/CLT-Q10 , which talks about a MAC (MAC =
MD5("secret key " +
MD5("session ID" + "issue date" +
"expiration time" + "IP address" +
) -- is that the industry standard, given it's an article from w3? Is
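
The cookie layout the question describes (username, IP address, issue and expiration time, protected by a keyed MAC), as an added example that is not part of the original post. It uses HMAC-SHA256 from Python's standard library in place of the nested MD5 construction quoted from the W3C FAQ; the function names, field order, key and sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Assumption: a server-side secret; constructed value for this example only.
SECRET_KEY = b"constructed-demo-key"


def b64(text):
    return base64.urlsafe_b64encode(text.encode()).decode()


def issue_cookie(username, ip, ttl=900, now=None, key=SECRET_KEY):
    """Return 'payload.mac', payload = b64(username)|b64(ip)|issued|expires."""
    issued = int(time.time() if now is None else now)
    # Text fields are base64-encoded so a '|' in a username cannot shift fields.
    payload = "|".join([b64(username), b64(ip), str(issued), str(issued + ttl)])
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + mac


def verify_cookie(cookie, request_ip, now=None, key=SECRET_KEY):
    """Return the username if the cookie is authentic, unexpired and
    presented from the IP address it was issued to; otherwise None."""
    payload, sep, mac = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # Verify the MAC before parsing anything; compare in constant time.
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    try:
        user_b64, ip_b64, issued, expires = payload.split("|")
        username = base64.urlsafe_b64decode(user_b64).decode()
        ip = base64.urlsafe_b64decode(ip_b64).decode()
        issued, expires = int(issued), int(expires)
    except ValueError:
        return None
    now = int(time.time() if now is None else now)
    if not (issued <= now < expires):
        return None          # expired or not yet valid
    if ip != request_ip:
        return None          # presented from a different address
    return username
```

The username is readable by the client in this layout; the MAC only prevents modification. Clients behind the same NAT or proxy share an address, so the IP check narrows where a captured cookie can be replayed from rather than ruling replay out.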