Security Basics mailing list archives
Re: Epithet
From: Alexander Lukyanenko <sashman () ua fm>
Date: Tue, 2 Dec 2003 21:53:02 +0200
Hello Steve,

SKsc> We are currently developing a meta-directory project. One data element that
SKsc> we may now be able to re-define, is that of a User's Identification (UID).

That depends on many things, the first that comes to my mind, is where would the UID be stored on the client side. If the UID will be in a smart-card, USB pen drive or such, it would be OK to use some kind of jumbled data, or a complete nonsense. For instance, a GUID like {6CD03F67-3507-4cce-8355-CBF5158A96DE} will do, or you can take a MD5 or SHA1 hash of, say, full user name, the UNIX time of account creation and some random bytes. That would be *very* hard to forge and the UID will seem gibberish to an attacker.

BUT, what if the users will be forced to memorize their long-and-scary UID along with a password (especially, if passwd's strength is enforced)? In this case, I personally recommend (from the users' point of view) to use first characters of user's full name plus some number (random or corresponding to the number of users with same initials, e.g. JRT1, JRT2 etc).

--
Best regards,
* * * * * * * * * * * * * * * *
* Alexander V. Lukyanenko
* ma1lt0: sashman....ua.fm
* ICQ# : 86195208
* Phone : +380 44 458 07 23
* OpenPGP key ID: 75EC057C
* NIC : SASH4-UANIC
* * * * * * * * * * * * * * * *
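The two UID schemes described in the message above, as an added Python example that is not part of the original post. The function names, the 16-byte random length, the length-prefixed field encoding and the "every UID ever issued" set are assumptions made for illustration.

```python
import hashlib
import os
import re


def opaque_uid(full_name, created_at, random_bytes=None, algo="sha1"):
    """Hash of full user name, UNIX creation time and random bytes (hex)."""
    if random_bytes is None:
        # Assumption: 16 random bytes; this is what makes the UID unguessable,
        # since name and creation time alone may be known to an attacker.
        random_bytes = os.urandom(16)
    h = hashlib.new(algo)  # "sha1" or "md5" as in the post; "sha256" also works
    fields = (full_name.encode("utf-8"),
              str(int(created_at)).encode("ascii"),
              random_bytes)
    for field in fields:
        # Length-prefix each field so different splits of the same bytes
        # cannot produce the same hash input.
        h.update(len(field).to_bytes(4, "big"))
        h.update(field)
    return h.hexdigest()


def memorable_uid(full_name, issued):
    """Initials plus the lowest number never issued, e.g. JRT1, JRT2.

    `issued` must hold every UID ever handed out, including deleted
    accounts, so that an old UID is never reassigned to a new person.
    """
    words = re.findall(r"[^\W\d_]+", full_name)  # runs of letters only
    initials = "".join(w[0] for w in words).upper()
    if not initials:
        raise ValueError("full name contains no letters")
    taken = {u.upper() for u in issued}
    n = 1
    while f"{initials}{n}" in taken:
        n += 1
    return f"{initials}{n}"


if __name__ == "__main__":
    # Constructed sample data, not taken from the thread.
    print(opaque_uid("John Ronald Tolkien", 1070394782))
    print(memorable_uid("John Ronald Tolkien", {"JRT1", "JRT2"}))
```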
Current thread:
- Epithet Steve . Kirby (Dec 02)
- Re: Epithet Alexander Lukyanenko (Dec 02)
- Identifying a computer Cheetah (Dec 03)
- Re: Identifying a computer Bryan Allen (Dec 03)
- RE: Identifying a computer Optrics Engineering - Shaun Sturby, MCSE (Dec 03)
- Re: Identifying a computer Ranjeet Shetye (Dec 03)
- Re: Identifying a computer ~Kevin Davis³ (Dec 04)
- Re: Identifying a computer Ranjeet Shetye (Dec 05)
- Identifying a computer Cheetah (Dec 03)
- RE: Identifying a computer David Gillett (Dec 03)
- Re: Identifying a computer Tim Willard (Dec 03)
- RE: Identifying a computer Jason Balicki (Dec 04)
- Re: Identifying a computer Meritt James (Dec 05)
- Re: Epithet Alexander Lukyanenko (Dec 02)