Network Security: Detailed info on User ID generation

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

User ID generation

from [Jason binger] Network Security

[Permanent Link]

Subject:	User ID generation
Date:	Tue, 12 Apr 2005 01:26:26 -0700 (PDT)

I have a customer that generates UserIDs as numbers
sequentially for a critical application. They
implement account lockout and I am concerned that
someone could launch a DOS and lockout all the user
accounts.

What would people recommend for a user ID generation
method.

I was thinking UserIDs should be randomly generated
from a large alpha-numeric keyspace, but how big
should the keyspace be?
What would the size of the keyspace need to be if it
was only numeric?

Any other thoughts appreciated.

Cheers,


                
__________________________________ 
Do you Yahoo!? 
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
User ID generation, Jason binger <= RE: User ID generation, Andrew van der Stock RE: User ID generation, Thomas Ng Re: User ID generation, Scovetta Labs Re: User ID generation, Andi McLean Re: User ID generation, Adam K Re: User ID generation, Scovetta Labs Re: User ID generation, Paul M. RE: User ID generation, Murtland, Jerry Re: User ID generation, Andi McLean Re: User ID generation, Lucas Holt

Previous by Date:	ColdFusion - CFID & CFTOKEN, Jason binger
Next by Date:	First OWASP Belgium Chapter Meeting, Sebastien Deleersnyder
Previous by Thread:	ColdFusion - CFID & CFTOKEN, Jason binger
Next by Thread:	RE: User ID generation, Andrew van der Stock
Indexes:	[Date] [Thread] [Top] [All Lists]