Subject: Re: rpc xid randomness
To: None <,>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-security
Date: 09/08/2003 20:06:24
>> a ** b mod c

> we're not encrypting stuff, we're just trying to generate
> non-repeating random number.  so i beg to differ.

"Random" in what sense?

If it needs to be unpredictable, the weakness described is important.
If it just needs to be unlikely to repeat any id used in the recent
past, it's not.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B