[Catalyst] Confirmations numbers for Humans
Bill Moseley
moseley at hank.org
Thu Mar 2 18:46:48 CET 2006
On Thu, Mar 02, 2006 at 05:25:13PM +0100, Karl.Moens at marsh.com wrote:
> If we assume that the format of the confirmation number matches
> /[A-Z]{2}[0-9]{4}/, this still gives you 6,760,000 possible combinations,
> which seems large enough to avoid collisions even if one recycles the
> key-space every few days. Any duplication can easily be solved by asking
> one extra detail such as departure or destination or (what an idea!) the
> name you gave when making the booking. The combination of such a short
> number and one extra item would defeat any "guessing" by J. Random Hacker.
That's what I'm curious about. Initially I thought the confirmation
number should be unique in the database for all time, but maybe it's
enough to make sure it's unique among *recent* transactions. It's
not very common for an end user to look up very old transactions.
And combining with a last name would also make it much less hackable.
--
Bill Moseley
moseley at hank.org
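
The scheme discussed in this message, sketched as an added example (not code from the thread or from Catalyst): codes in the quoted format are unique only among recent bookings, and a lookup needs both the code and the last name. The `Bookings` class, the in-memory row list and the 30-day `RECENT` window are assumptions made for illustration.

```python
import hmac
import re
import secrets
import string
from datetime import datetime, timedelta

CODE_RE = re.compile(r"[A-Z]{2}[0-9]{4}")   # format quoted in the thread
KEYSPACE = 26**2 * 10**4                    # 6,760,000 possible codes
RECENT = timedelta(days=30)                 # assumed recycle window


def random_code():
    """Draw one code from the OS CSPRNG so codes are not predictable."""
    return ("".join(secrets.choice(string.ascii_uppercase) for _ in range(2))
            + "".join(secrets.choice(string.digits) for _ in range(4)))


def norm(name):
    """Compare names case-insensitively and ignore stray whitespace."""
    return " ".join(name.split()).casefold()


class Bookings:
    def __init__(self, gen=random_code):
        self.gen = gen                      # injectable so tests can force a collision
        self.rows = []                      # (code, normalized name, created)

    def create(self, last_name, now):
        # Uniqueness is enforced only against recent rows, so old codes recycle.
        in_use = {c for c, _, t in self.rows if now - t <= RECENT}
        if len(in_use) >= KEYSPACE:
            raise RuntimeError("key-space exhausted for the recent window")
        code = self.gen()
        while code in in_use:
            code = self.gen()
        self.rows.append((code, norm(last_name), now))
        return code

    def lookup(self, code, last_name):
        # Both the code and the name must match; the newest booking wins.
        code = code.strip().upper()
        if not CODE_RE.fullmatch(code):
            return None
        want = norm(last_name).encode()
        for c, n, t in reversed(self.rows):
            if c == code and hmac.compare_digest(n.encode(), want):
                return (c, n, t)
        return None
```

A recycled code is ambiguous only when an old and a new booking share both the code and the last name, in which case this sketch returns the newer one.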