Forum Discussion
Joern_Oltmann
Nimbostratus
NimbostratusHow can I create a unique session value with a minimum on server load
Hi all,
I have created an iRule which generate a global unique cookie for Tracking my customer
I generate this session value like:
set new_session_value "[string range [AES::key 128] 15 end][string range [AES::key 128] 15 end]"
But I think this command is not the best one, because of the Serverload.
Have anyone an idea how to create this session value better?
4 Replies
- nitass
Employee
i have used hash (i.e. md5) value of client ip + port + timestamp.
just my 2 cents. - Kevin_StewartI guess it depends on how globally unique you want the value to be. MD5 isn't considered a secure hashing algorithm anymore because it's been computationally proven to allow collisions. That said, the number of iterations it'd likely take to produce an MD5 collision versus the number of user session you're prepared to support probably makes it a reasonable choice.
And for what it's worth, a single AES operation is no better or worse than the two you're using, and likely less intensive to produce. - The AES::key command should be pretty cheap, CPU-wise. It only accesses the random number generator, and doesn't actually use any AES code. You seem to only be needing a 50-character random string, so you could do something like:
set new_session_value "[string range [AES::key 256] end-49 end]"
which only makes one call to the RNG and only has one string processing command. - Ah! I see that that is not actually true in recent versions. It could be a little expensive. Here's something which should be pretty cheap on recent versions:
binary scan [CRYPTO::keygen -alg random -len 200] "H*" new_session_value
This will generate a random 50 byte (== 200 bits) hex string pretty cheaply.
