07-24-2009, 04:01 AM
Join Date: Sep 2007
Originally Posted by
Thanks for your help :)
Well VI, I need only number codes in fact.
I was thinking of another problem :P, what if after a couple of years I've generated tons of pins, what should I do?? Reset them all? (I don't think this is a good idea, 'cause people might use their old pins.) Maybe adding one more digit?? (Adding a digit is a pain in the ass for users, but all new pins would be unique.)
Seven digits will cover 9,999,999 pins; five alpha-numeric characters will hold 36^5 or 52,521,875 different possibilities. But when you get even close to full, it becomes a security risk. Even using .1% will take 1,000 tries on average to correctly guess. I highly recommend a user name and password as opposed to singularly validating by a pin.
At work, for any system of reasonable value we force at least eight characters with at least one number, upper case letter and punctuation mark. This means that each user has 8^63 possible combinations, but a strong password (ten or more chars) has at least 10^63.
If you use sha1 to hash your passwords (and make guessing the sha1 value directly available), you are limited to 28^16 since that is the number of possible combinations a 28 place base-16 digit can hold. But that is why you shouldn't store the password, even if hashed, directly in the cookie.
Find More Posts by Village Idiot
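
The density point in the reply above, as an added Python example (not code from the thread): a PIN issuer that draws from a CSPRNG, keeps PINs unique, and refuses to issue once the share of the space in use passes a cap, plus two helpers that quantify how easy a random guess becomes. The `PinIssuer` class, the `max_density` policy value and the helper names are assumptions made for illustration.

```python
import secrets


class PinIssuer:
    """Issues unique numeric PINs and stops before the PIN space gets dense."""

    def __init__(self, digits=7, max_density=0.0001):
        self.digits = digits
        self.space = 10 ** digits        # digit strings, leading zeros allowed (assumption)
        self.max_density = max_density   # assumed policy: max fraction of the space in use
        self.issued = set()

    def density(self):
        """Fraction of the PIN space currently assigned to users."""
        return len(self.issued) / self.space

    def issue(self):
        # Refuse rather than let a blind guess become likely to hit a live PIN.
        if (len(self.issued) + 1) / self.space > self.max_density:
            raise RuntimeError("PIN space too dense: retire old PINs or add a digit")
        while True:
            # secrets uses the OS CSPRNG; the random module is predictable.
            pin = f"{secrets.randbelow(self.space):0{self.digits}d}"
            if pin not in self.issued:   # redraw on collision so every PIN is unique
                self.issued.add(pin)
                return pin


def expected_guesses(issued, space):
    """Mean number of random guesses until one matches any live PIN."""
    return space / issued


def hit_probability(issued, space, guesses):
    """Chance that at least one of `guesses` random tries matches a live PIN."""
    return 1 - (1 - issued / space) ** guesses


if __name__ == "__main__":
    # 0.1% of a seven-digit space in use: 1,000 guesses on average,
    # and roughly a 63% chance of a hit within those 1,000 tries.
    print(expected_guesses(10_000, 10 ** 7))
    print(round(hit_probability(10_000, 10 ** 7, 1_000), 3))
```

The hit probability is per validation endpoint, so it is the number to weigh against whatever attempt limit or lockout sits in front of the PIN check.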