
Re: User ID generation

Subject: Re: User ID generation
Date: Mon, 18 Apr 2005 18:44:03 -0400

On Apr 14, 2005, at 1:35 PM, Andi McLean wrote:

Sorry forgot to mention, the users in my case will be Members logging into a
website. Other Members will not be able to see each other. If I set up a
Forum something different will be used.



You might consider using something like the date and time someone signs up meshed together in some way
along with a few randomly chosen letters A-Z a-z. It's still predictable but the longer your site is in operation the harder it would be to crack a specific account unless you knew when the person signed up. A random account, well that's a different story.


It might be better just to write a randomizer function for usernames and passwords where usernames can contain A-Z a-z 0-9 and passwords can contain those plus additional special characters like $ # @ ! & *. Then use a minimum length for both of at least 5 characters. For passwords I like at least 8 characters. It prevents many dictionary attacks and people who make word lists with letters, numbers and special characters from hitting your site. If nothing else, bandwidth limitations will slow them down.

Lucas Holt
Luke@FoolishGames.com
________________________________________________________
FoolishGames.com  (Jewel Fan Site)
JustJournal.com (Free blogging)
FoolishGames.net (Enemy Territory IoM site)
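
Added example, not part of the original post: the randomizer described in the message above, sketched in Python with the character sets and minimum lengths it names. Drawing from the `secrets` CSPRNG, the default lengths, the collision retry and reading "a few" letters as 3 are assumptions of this example.

```python
import math
import secrets
import string

# Alphabets as described in the post: A-Z a-z 0-9 for usernames,
# the same plus $ # @ ! & * for passwords.
USERNAME_ALPHABET = string.ascii_letters + string.digits
PASSWORD_ALPHABET = USERNAME_ALPHABET + "$#@!&*"
MIN_USERNAME_LEN = 5
MIN_PASSWORD_LEN = 8


def random_string(alphabet: str, length: int, minimum: int) -> str:
    """Draw `length` characters uniformly from `alphabet` using the OS CSPRNG."""
    if length < minimum:
        raise ValueError(f"length {length} is below the minimum of {minimum}")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_username(length: int = 8) -> str:
    return random_string(USERNAME_ALPHABET, length, MIN_USERNAME_LEN)


def generate_password(length: int = 12) -> str:
    return random_string(PASSWORD_ALPHABET, length, MIN_PASSWORD_LEN)


def search_space_bits(alphabet_size: int, length: int) -> float:
    """log2 of the number of equally likely values an attacker must consider."""
    return length * math.log2(alphabet_size)


def issue_unique_username(taken: set, length: int = 8, max_tries: int = 10) -> str:
    """Random IDs can collide, so retry against the set of IDs already issued."""
    for _ in range(max_tries):
        candidate = generate_username(length)
        if candidate not in taken:
            taken.add(candidate)
            return candidate
    raise RuntimeError("could not find an unused username; increase the length")


if __name__ == "__main__":
    taken = set()
    print("username:", issue_unique_username(taken))
    print("password:", generate_password())
    # Timestamp scheme: once the sign-up time is known, only the letters remain.
    print("3 letters (A-Z a-z):    %.1f bits" % search_space_bits(52, 3))
    print("8-char random username: %.1f bits" % search_space_bits(62, 8))
```

The two bit counts compare the timestamp-plus-letters scheme, once the sign-up time is known, with a fully random 8-character username.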
