the random session key depends now on the session_key_int

sent by the 'attacker'
        dig1 = md5(cookie|session_key_int);
        dig2 = md5(dig1|cookie|session_key_int);
        fake_session_key = dig1|dig2;
this change is caused by a mail from anakin@pobox.com
patch based on discussions with my german advisor niels@openbsd.org

0 files changed, 0 insertions, 0 deletions