Not to mention the use case where a new user signing up types in an
already in use PIN and is informed "That PIN is in use, please choose
another"...

...assumes you only need a PIN to log in...

On Thu, 3 Jan 2008 13:29:22 -0800, Greg Young <[EMAIL PROTECTED]>
wrote:

>Wow that sounds like a really bad idea (the searching of the pin).
>Let's try attacking it, I delete my cookie go to the site and enter a
>pin (either I get in or I don't :))
>
>Let's assume a small user base of 1000 users ... still a 10% chance
>per try (those add up quick :))

===================================
This list is hosted by DevelopMentor®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com
