WebApp Sec mailing list archives

Re: User ID generation


From: Scovetta Labs <security () scovettalabs com>
Date: Thu, 14 Apr 2005 17:20:55 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andi,

The user's birthdate would become their "username" and the 4-digit random number
would be their password. First, 4 digits is not enough. The entire
username-password space is on the order of (12*30*80)*(10000) = 288 million, or
about 28 bits -- that's kind of low. And you could probably restrict the limit to
people aged 25-35, so (12*30*10)*(10000) = about 36 million, or 25 bits. If you
want to make that stronger, then you need to increase the 4 digits to 6 or 8,
and by then, what's the point of the birthdate?

I think the normal "username" and "password" give a much larger space and are
easier to remember.

Just my $0.02.

Mike

Andi McLean wrote:
| Whilst talking about usernames, I was wondering what people's thoughts were on
| the following scheme.
|
| The user's date of birth, selected from drop-down boxes, and entering a 4-digit
| random number, selected by the system, so usernames are unique.
|
| Cheers
| Andi


- --
Michael Scovetta
Scovetta Labs
www.scovettalabs.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCXt62K5Y2cJWwwk0RApJ6AKCKc4TX+iGyeS0yTKeVhPRkNvEZqgCgvDSz
zvUWkfaoUg8pFSZKMpM+Q2A=
=qmeM
-----END PGP SIGNATURE-----
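
The keyspace arithmetic from the reply above, carried a step further as an added example (not part of the original message): it sizes the (birthdate, PIN) space, finds how many PIN digits a target strength would require, and shows how densely enrolled accounts fill the space. Function names, the 40-bit target and the 100,000-user figure are assumptions chosen for illustration.

```python
import math

# Cardinalities used in the message: 12 months x 30 days x N birth years.
MONTHS, DAYS = 12, 30


def keyspace(years: int, pin_digits: int) -> int:
    """Number of distinct (birthdate, PIN) credential pairs."""
    return MONTHS * DAYS * years * 10 ** pin_digits


def bits(space: int) -> float:
    """Size of a uniformly distributed space expressed in bits."""
    return math.log2(space)


def pin_digits_needed(years: int, target_bits: float) -> int:
    """Smallest PIN length that lifts the combined space to target_bits."""
    digits = 0
    while bits(keyspace(years, digits)) < target_bits:
        digits += 1
    return digits


def occupied_fraction(enrolled_users: int, years: int, pin_digits: int) -> float:
    """Share of the credential space that maps to a real account.

    Assumes every enrolled user holds a unique (birthdate, PIN) pair, as the
    proposed scheme requires. Because the pair is the whole credential, this
    is also the chance that one arbitrary pair is valid for some account,
    which is the number a lockout or rate-limit policy has to be sized against.
    """
    return min(1.0, enrolled_users / keyspace(years, pin_digits))


if __name__ == "__main__":
    for years in (80, 10):            # whole population vs. ages 25-35
        for digits in (4, 6, 8):      # PIN lengths discussed in the message
            space = keyspace(years, digits)
            print(f"{years:>2} birth years, {digits}-digit PIN: "
                  f"{space:>16,} pairs = {bits(space):4.1f} bits")
    # Constructed assumptions: 40-bit target, 100,000 enrolled users.
    print("PIN digits for 40 bits (80 years):", pin_digits_needed(80, 40))
    print("Occupied fraction, 100k users, 10 years, 4 digits:",
          occupied_fraction(100_000, 10, 4))
```

Under these assumptions the birthdate contributes under 15 bits, so nearly all of the strength has to come from the PIN.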

