>Roger Clarke wrote:
>1. The association between the 12-digit number and the dwelling-address
>   may have been systematically assigned rather than purely random

At 14:47 +1000 12/8/16, Jim Birch wrote:
> ... why have a number at all?

My assumption is that the number was intended as a short-term secret, which only the householder(s) in the intended dwelling would know.

After all, in password-reset processes, it's common for the email to the pre-registered email-address to, in effect, contain something that's intended as a short term secret (e.g. in the form of a URL with a string of funny characters at the end, or a one-time password).

*But* that's just my presumption. Maybe it's the, or part of the, record-address for the dwelling's data ...

>Would anyone with any idea of security actually do that? It seems
>completely incredible to me. Like, why have a number at all?

Indeed. However, we've already established that IBM declined the option of upstream DDoS defences, so cloud-cuckoo-land assumptions are no longer unreasonable.

(I suspect that some designers would assume that 10**12 was a big enough space to hide 10**7 entries in).

The purpose of this exercise would be to find out whether they did the incredible.

-- 
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
http://www.xamax.com.au/
Visiting Professor in the Faculty of Law, University of N.S.W.
Visiting Professor in Computer Science, Australian National University
