by jmull
1310 days ago
I’m not sure it’s bad to use a random UUID (v4) generated with a random number generator designed for cryptography for a validated session key. A guess means making a request to your server. You won’t be concerned with ~2^64 guesses per second. I’m not suggesting anyone do it, if you have a choice. (Especially consider you’ll probably have to go through the trouble to justify it to people who read articles like this but don’t understand the math.) But if you have an existing system, consider whether you can let it stand.