Firewall Wizards mailing list archives

[no subject]


From: r1ccard0 () hushmail com
Date: Thu, 17 Feb 2000 11:17:22 -0600 (PST)

Hi all,

I was thinking about Random number generators, GUIDs, and the like, and was 
wondering what the general opinion is of the use of them.
Firstly, every commerce site has the conundrum of preventing Web session 
spoofing/Session Hijacking.
Typically, it is very insecure to allow the sessions to be incremented for 
each customer visiting the site.
As shown early last year, numerous web sites came under attack, freely spitting 
out customer information.
Therefore, what would be the best solution to preventing Session hijacking?

Secondly, I believe using a solid Random Number generator that creates Session 
IDs would be a good bet.  However, I want to open the debate up for the 
use of GUID, a Global Unique IDentifier.  Used in Unix/NT these numbers 
are said to be guaranteed unique and random.  However, I have not seen any 
cryptanalysis or white papers explaining Microsoft's implementation of 
their GUID generator or any other!

How secure is the MS GUID generator?  Any comments?

I look forward to your reply.
r1ccard0 
0 tolerance Tech.
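
Added example (not part of the original post): a Python sketch that compares the two kinds of identifier the message asks about, by splitting a GUID into its RFC 4122 fields and counting how many bits change between two consecutive IDs, next to a session ID drawn entirely from the OS CSPRNG. It uses Python's `uuid` and `secrets` modules and shows nothing about Microsoft's generator; the node and clock-sequence values are constructed, and the function names are hypothetical.

```python
import secrets
import uuid


def issue_session_id(nbytes: int = 32) -> str:
    """Session ID drawn entirely from the OS CSPRNG (256 bits by default)."""
    return secrets.token_urlsafe(nbytes)


def guid_profile(g: uuid.UUID) -> dict:
    """Split a GUID into its RFC 4122 fields so the non-random parts are visible."""
    profile = {"version": g.version}
    if g.version == 1:
        # Version 1 carries a 60-bit timestamp, a 14-bit clock sequence
        # and a 48-bit node value (commonly the host's MAC address).
        profile.update(time=g.time, clock_seq=g.clock_seq, node=g.node)
    return profile


def differing_bits(a: uuid.UUID, b: uuid.UUID) -> int:
    """Number of bit positions in which two GUIDs differ."""
    return bin(a.int ^ b.int).count("1")


def sample_v1_pair() -> tuple:
    """Two time-based GUIDs built with a constructed node and clock sequence."""
    node, seq = 0x02AABBCCDDEE, 0x1234  # constructed values, not a real host
    first = uuid.uuid1(node=node, clock_seq=seq)
    second = uuid.uuid1(node=node, clock_seq=seq)
    return first, second


if __name__ == "__main__":
    a, b = sample_v1_pair()
    print("v1:", a, b, "differ in", differing_bits(a, b), "bits")
    print("    fields:", guid_profile(a))
    c, d = uuid.uuid4(), uuid.uuid4()
    print("v4:", c, d, "differ in", differing_bits(c, d), "bits")
    print("session id:", issue_session_id())
```

Uniqueness and unpredictability are separate properties: the time-based pair is unique, yet only its timestamp field changes between calls, while the CSPRNG value has no structure to read.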







