Are GUIDs generated on Windows 2003 safe to use as session IDs?

My web application operates only over SSL and sets a time-limited cookie for each user after they successfully log in with a username and password. The biggest weaknesses in the system are: one, compromising an existing user's cookie; and two, guessing a session ID GUID.

I know of mechanisms for the first weakness, but I'm wondering how much I need to worry about the chance of an attacker guessing a session ID GUID based on a GUID they have previously obtained by logging into an account they have set up. The web server in this case is Windows 2003 and the GUIDs are being generated with .Net 3.5.

sipsorcery asked Sep 09 '09 05:09



1 Answer

GUIDs are not intended to be cryptographically secure, just unique. Quite a lot of the format is predictable: a 48-bit MAC address, a timestamp that is somewhat predictable if you know how it's generated, and another few bits to deal with timestamp collisions. A technically sophisticated attacker has a pretty good chance of reverse engineering a GUID.

You really need a cryptographically secure PRNG for a secure session key.

ConcernedOfTunbridgeWells answered Sep 28 '22 12:09

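As an added illustration (not part of the question or the answer above, and not code from either poster), the script below uses only Python's standard library to make the answer's two points concrete. First, a version-1 GUID carries a timestamp, a clock sequence and a node field (normally a MAC address) that can be read straight back out of the string, which is the structure the answer describes as predictable. Second, a session identifier should instead be drawn from the operating system's CSPRNG. The version nibble (the first hex digit of the third group, per RFC 4122) tells which layout a given GUID uses, so it is a quick check of what your generator actually emits. Both GUID strings in the test are sample values chosen for this example: the first is the well-known RFC 4122 DNS namespace UUID, used here only because it is a published version-1 value whose fields are easy to verify.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone

# RFC 4122 version-1 UUIDs count 100-nanosecond intervals since 1582-10-15
# (the start of the Gregorian calendar), not since the Unix epoch.
_GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def guid_version(guid: str) -> int:
    """Return the RFC 4122 version nibble: 1 = time + node (MAC), 4 = random.

    uuid.UUID.version is None for GUIDs that do not use the RFC 4122 variant,
    which is itself worth knowing about an unfamiliar generator.
    """
    return uuid.UUID(guid).version


def describe_v1(guid: str) -> dict:
    """Decode the fields of a version-1 GUID.

    Everything returned here is recoverable by anyone who sees the GUID: the
    node is usually the generating host's MAC address, and the timestamp plus
    clock sequence narrow down what the *next* GUID from that host looks like.
    """
    u = uuid.UUID(guid)
    if u.version != 1:
        raise ValueError("not a version-1 GUID")
    # u.time is the 60-bit count of 100 ns intervals; convert to microseconds.
    ts = _GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    node = ":".join(f"{(u.node >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))
    return {"timestamp": ts, "clock_seq": u.clock_seq, "node": node}


def new_session_id(num_bytes: int = 32) -> str:
    """Return a session identifier from the OS CSPRNG.

    32 bytes gives 256 bits of entropy with no internal structure to
    reverse-engineer; base64url keeps it cookie-safe. This is the kind of
    generator the answer recommends instead of a GUID.
    """
    return secrets.token_urlsafe(num_bytes)


if __name__ == "__main__":
    # Sample value: the RFC 4122 DNS namespace UUID, a published version-1 GUID.
    sample_v1 = "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
    print("version:", guid_version(sample_v1))
    print("decoded fields:", describe_v1(sample_v1))
    print("CSPRNG session id:", new_session_id())
```

On the recommended path, the only check a server needs at validation time is an exact match against the stored identifier; there is nothing inside the token to parse. For the GUID path, running `guid_version` on a handful of identifiers from your own generator tells you immediately whether the MAC and timestamp fields the answer warns about are present in what you are handing out.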