HTTP session-ids play an important role in almost any web site today. This paper presents a cryptanalysis of Java Servlet 128-bit session-ids and an efficient practical prediction algorithm. Using this attack, an adversary may impersonate a legitimate client. Through the analysis we also present a novel, general space-time tradeoff for secure pseudo random number generator attacks. © Springer-Verlag Berlin Heidelberg 2005.
CITATION STYLE
Gutterman, Z., & Malkhi, D. (2005). Hold your sessions: An attack on Java session-Id generation. In Lecture Notes in Computer Science (Vol. 3376, pp. 44–57). Springer Verlag. https://doi.org/10.1007/978-3-540-30574-3_5