Hold your sessions: An attack on Java session-Id generation

Citations of this article: 22
Readers (Mendeley users who have this article in their library): 31

Abstract

HTTP session-ids play an important role in almost any web site today. This paper presents a cryptanalysis of Java Servlet 128-bit session-ids and an efficient practical prediction algorithm. Using this attack, an adversary may impersonate a legitimate client. Through the analysis we also present a novel, general space-time tradeoff for secure pseudo-random number generator attacks. © Springer-Verlag Berlin Heidelberg 2005.

Gutterman, Z., & Malkhi, D. (2005). Hold your sessions: An attack on Java session-Id generation. In Lecture Notes in Computer Science (Vol. 3376, pp. 44–57). Springer Verlag. https://doi.org/10.1007/978-3-540-30574-3_5
