WebApp Sec mailing list archives
Re: User ID generation
From: Scovetta Labs <security () scovettalabs com>
Date: Thu, 14 Apr 2005 17:20:55 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Andi, The user's birthdate would become their "username" and the 4-digit random number would be their password. First, 4-digits is not enough. The entire username-password space is on the order of (12*30*80)*(10000) = 288 million, or about 28 bits-- that's kind of low. And you could probably restrict the limit to people aged 25-35, so (12*30*10)*(10000) = about 36 million, or 25 bits. If you want to make that stronger, then you need to increase the 4-digits to 6 or 8, and by then, what's the point of the birthdate? I think the normal "username" and "password" give a much larger space and are easier to remember. Just my $0.02. Mike Andi McLean wrote: | Whilst talking about usernames, I was wondering what people's thoughts were on | the following scheme. | | The users date of birth, Selected from drop down boxes, and entering a 4 digit | random number, selected by the system, so username are unique. | | Cheers | Andi - -- Michael Scovetta Scovetta Labs www.scovettalabs.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCXt62K5Y2cJWwwk0RApJ6AKCKc4TX+iGyeS0yTKeVhPRkNvEZqgCgvDSz zvUWkfaoUg8pFSZKMpM+Q2A= =qmeM -----END PGP SIGNATURE-----
Current thread:
- User ID generation Jason binger (Apr 13)
- RE: User ID generation Andrew van der Stock (Apr 13)
- RE: User ID generation Thomas Ng (Apr 13)
- Re: User ID generation Scovetta Labs (Apr 13)
- Re: User ID generation Andi McLean (Apr 14)
- Re: User ID generation Adam K (Apr 18)
- Re: User ID generation Scovetta Labs (Apr 18)
- Re: User ID generation Andi McLean (Apr 14)
- Re: User ID generation Paul M. (Apr 18)
- <Possible follow-ups>
- RE: User ID generation Murtland, Jerry (Apr 18)
- Re: User ID generation Andi McLean (Apr 18)
- Re: User ID generation Lucas Holt (Apr 20)
- Re: User ID generation Andi McLean (Apr 18)
- RE: User ID generation Andrew van der Stock (Apr 13)