Forum Discussion
4 Replies
Sort By
- nitassEmployeei have used hash (i.e. md5) value of client ip + port + timestamp.
- Kevin_StewartEmployeeI guess it depends on how globally unique you want the value to be. MD5 isn't considered a secure hashing algorithm anymore because it's been computationally proven to allow collisions. That said, the number of iterations it'd likely take to produce an MD5 collision versus the number of user session you're prepared to support probably makes it a reasonable choice.
- spark_86682Historic F5 AccountThe AES::key command should be pretty cheap, CPU-wise. It only accesses the random number generator, and doesn't actually use any AES code. You seem to only be needing a 50-character random string, so you could do something like:
set new_session_value "[string range [AES::key 256] end-49 end]"
- spark_86682Historic F5 AccountAh! I see that that is not actually true in recent versions. It could be a little expensive. Here's something which should be pretty cheap on recent versions:
binary scan [CRYPTO::keygen -alg random -len 200] "H*" new_session_value