Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: User ID generation

Re: User ID generation

From: Scovetta Labs <security_at_scovettalabs.com>
Date: Thu, 14 Apr 2005 17:20:55 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andi,

The user's birthdate would become their "username" and the 4-digit random number
would be their password. First, 4-digits is not enough. The entire
username-password space is on the order of (12*30*80)*(10000) = 288 million, or
about 28 bits-- that's kind of low. And you could probably restrict the limit to
people aged 25-35, so (12*30*10)*(10000) = about 36 million, or 25 bits. If you
want to make that stronger, then you need to increase the 4-digits to 6 or 8,
and by then, what's the point of the birthdate?

I think the normal "username" and "password" give a much larger space and are
easier to remember.

Just my $0.02.

Mike

Andi McLean wrote:
| Whilst talking about usernames, I was wondering what people's thoughts were on
| the following scheme.
|
| The users date of birth, Selected from drop down boxes, and entering a 4 digit
| random number, selected by the system, so username are unique.
|
| Cheers
| Andi

- --
Michael Scovetta
Scovetta Labs
www.scovettalabs.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCXt62K5Y2cJWwwk0RApJ6AKCKc4TX+iGyeS0yTKeVhPRkNvEZqgCgvDSz
zvUWkfaoUg8pFSZKMpM+Q2A=
=qmeM
-----END PGP SIGNATURE-----
Received on Apr 18 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]