Plaintext SID? Couldn't you just replay that SID then? Or generate random SIDs a... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Kliment on Jan 10, 2015 \| parent \| context \| favorite \| on: Typing the Letters A-E-S Into Your Code (2009) Plaintext SID? Couldn't you just replay that SID then? Or generate random SIDs and see what sticks?

seszett on Jan 10, 2015 [–]

If your SIDs are large enough, it's no different from generating random encrypted cookies until one works, so not practical at all.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact