Abstract
Pekka Nikander: Maybe I’m missing something, but what’s the advantage of a double hashing here, or first supplying a and then H(.) , instead of having, for example, two different hash functions?
Reply: If the cookie was another hash of something then the server wouldn’t be able to verify whether that cookie is correct.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Murdoch, S.J. (2011). Hardened Stateless Session Cookies (Transcript of Discussion). In: Christianson, B., Malcolm, J.A., Matyas, V., Roe, M. (eds) Security Protocols XVI. Security Protocols 2008. Lecture Notes in Computer Science, vol 6615. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22137-8_14
Download citation
DOI: https://doi.org/10.1007/978-3-642-22137-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22136-1
Online ISBN: 978-3-642-22137-8
eBook Packages: Computer ScienceComputer Science (R0)