random
Random or not? That is the question!
- Albert Zenkoff
- 2012-09-13
- Technology, layered security, PRNG, Pseudorandom Numbers, random, random number generator, RNG, security, separation by function, technology
Oftentimes, the first cryptography related question you come across while designing a system is the question of random numbers. We need some random numbers in many places when developing web applications: identifiers, tokens, passwords etc. all need to be somewhat unpredictable. The question is, how unpredictable should they be? In other words, what should be ...
Read MoreKeep it simple – user names
- Albert Zenkoff
- 2012-07-18
- Technology, Login, random, rules, user id, user information, user name
All right, now after the lengthy discussion on user names and ids let’s have some simple rules: Do not use sequential numbers for user ids. Do use random numbers for user ids. Do not use any scheme for user names that ties (semi-)public user information to the user name. Use user nicknames (aliases) if “natural” ...
Read More