Bit strength of JSESSIONID?

Forum|Forum|14 years ago
August 10, 2011
1 reply
1367 views

Our security folks are proposing new coding standards, one being "Use session identifiers of at least 128 bits long". Sorry if I missed it, but I can't find how many bits is JSESSIONID, does anyone know?

This topic has been closed for replies.

Correct answer Adam Cameron.

You should be able to work this out for yourself.

Looking @ a jsessionid value, you can see it's a 36 digit hexadecimal number. Each hexadecimal digit is four bits long. 36x4=144 bits.

As an aside, I'm rather surprised it's 36 digits long, rather than just a UUID (32 digits long). Anyone else know why?

--

Adam

A

Adam Cameron.Correct answer

Inspiring

You should be able to work this out for yourself.

Looking @ a jsessionid value, you can see it's a 36 digit hexadecimal number. Each hexadecimal digit is four bits long. 36x4=144 bits.

As an aside, I'm rather surprised it's 36 digits long, rather than just a UUID (32 digits long). Anyone else know why?

--

Adam

M

mkane1Author

Inspiring

Thanks Adam. hexadecimal? bits long? I never understood that kind of math!

A

Adam Cameron.

Inspiring

I guess I'm old school... we needed to know this stuff back when I started out. I s'pose it's less important to know these days.

But that's no reason for you to not find out:

http://en.wikipedia.org/wiki/Hexadecimal

--

Adam

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded