Network Security: Detailed info on Re: User ID generation

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: User ID generation

from [Paul M.] Network Security

[Permanent Link]

Subject:	Re: User ID generation
Date:	Mon, 18 Apr 2005 03:15:05 +0000

After the first or second attempt require the user to enter some
random letters that appear in a graphic. Try www.gmail.com. After a
few bad logins it makes you enter letters from a graphic. That will
keep bots from retrying without human intervention.
~Paul

On 4/12/05, Jason binger <cisspstudy@yahoo.com> wrote:

I have a customer that generates UserIDs as numbers
sequentially for a critical application. They
implement account lockout and I am concerned that
someone could launch a DOS and lockout all the user
accounts.

What would people recommend for a user ID generation
method.

I was thinking UserIDs should be randomly generated
from a large alpha-numeric keyspace, but how big
should the keyspace be?
What would the size of the keyspace need to be if it
was only numeric?

Any other thoughts appreciated.

Cheers,


__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
User ID generation, Jason binger RE: User ID generation, Andrew van der Stock RE: User ID generation, Thomas Ng Re: User ID generation, Scovetta Labs Re: User ID generation, Andi McLean Re: User ID generation, Adam K Re: User ID generation, Scovetta Labs Re: User ID generation, Paul M. <= RE: User ID generation, Murtland, Jerry Re: User ID generation, Andi McLean Re: User ID generation, Lucas Holt

Previous by Date:	Re: ColdFusion - CFID & CFTOKEN, Amit Klein (AKsecurity)
Next by Date:	Re: webapp dependencies, moty yacov
Previous by Thread:	Re: User ID generation, Scovetta Labs
Next by Thread:	RE: User ID generation, Murtland, Jerry
Indexes:	[Date] [Thread] [Top] [All Lists]