Hold Your Sessions: An Attack on Java Session-Id Generation
作者: Zvi Gutterman , Dahlia Malkhi
DOI: 10.1007/978-3-540-30574-3_5
关键词:
摘要: HTTP session-id's take an important role in almost any web site today. This paper presents a cryptanalysis of Java Servlet 128-bit and efficient practical prediction algorithm. Using this attack adversary may impersonate legitimate client. Through the analysis we also present novel, general space-time tradeoff for secure pseudo random number generator attacks.
springer.com
sci-hub.se 参考文章(14)
James Goodwill, Apache Jakarta-Tomcat ,(2001)
Philippe Oechslin, Making a Faster Cryptanalytic Time-Memory Trade-Off Advances in Cryptology - CRYPTO 2003. ,vol. 2729, pp. 617- 630 ,(2003) , 10.1007/978-3-540-45146-4_36
Elad Barkan, Eli Biham, Nathan Keller, Instant Ciphertext-Only Cryptanalysis of GSM Encrypted Communication Advances in Cryptology - CRYPTO 2003. pp. 600- 616 ,(2003) , 10.1007/978-3-540-45146-4_35
T. Dierks, C. Allen, The TLS Protocol Version 1.0 IETF RFC 2246. ,vol. 2246, pp. 1- 80 ,(1999)
H. Frystyk, L. Masinter, J. Mogul, J. Gettys, R. Fielding, P. Leach, T. Berners-Lee, Hypertext Transfer Protocol -- HTTP/1.1 acm conference on hypertext. ,vol. 2068, pp. 1- 162 ,(1997)
Joel R. Spiegel, Peri Hartman, Jeffrey P. Bezos, Shel Kaphan, Method and system for placing a purchase order via a communications network ,(1998)
L. Montulli, D. Kristol, HTTP State Management Mechanism RFC2109. ,vol. 2109, pp. 1- 21 ,(1997)
M. Hellman, A cryptanalytic time-memory trade-off IEEE Transactions on Information Theory. ,vol. 26, pp. 401- 406 ,(1980) , 10.1109/TIT.1980.1056220
Joan Boyar, Inferring sequences produced by a linear congruential generator missing low-order bits Journal of Cryptology. ,vol. 1, pp. 177- 184 ,(1989) , 10.1007/BF02252875
L. Blum, M. Blum, M. Shub, A simple unpredictable pseudo random number generator SIAM Journal on Computing. ,vol. 15, pp. 364- 383 ,(1986) , 10.1137/0215025