Sciweavers

CTRSA
2005
Springer

Hold Your Sessions: An Attack on Java Session-Id Generation

14 years 4 months ago
Hold Your Sessions: An Attack on Java Session-Id Generation
HTTP session-id’s take an important role in almost any web site today. This paper presents a cryptanalysis of Java Servlet 128-bit session-id’s and an efficient practical prediction algorithm. Using this attack an adversary may impersonate a legitimate client. Through the analysis we also present a novel, general space-time tradeoff for secure pseudo random number generator attacks.
Zvi Gutterman, Dahlia Malkhi
Added 29 Jun 2010
Updated 29 Jun 2010
Type Conference
Year 2005
Where CTRSA
Authors Zvi Gutterman, Dahlia Malkhi
Comments (0)