[LINK] The Real Reason ABS Took the Census Offline?
Roger Clarke
Roger.Clarke at xamax.com.au
Fri Aug 12 15:04:04 AEST 2016
>Roger Clarke wrote:
>> 1. The association between the 12-digit number and the dwelling-address
>> may have been systematically assigned rather than purely random
At 14:47 +1000 12/8/16, Jim Birch wrote:
> ... why have a number at all?
My assumption is that the number was intended as a short-term secret, which only the householder(s) in the intended dwelling would know.
After all, in password-reset processes, it's common for the email to the pre-registered email-address to, in effect, contain something that's intended as a short-term secret (e.g. in the form of a URL with a string of funny characters at the end, or a one-time password).
*But* that's just my presumption. Maybe it's the, or part of the, record-address for the dwelling's data ...
>Would anyone with any idea of security actually do that? It seems
>completely incredible to me. Like, why have a number at all?
Indeed.
However, we've already established that IBM declined the option of upstream DDoS defences, so cloud-cuckoo-land assumptions are no longer unreasonable.
(I suspect that some designers would assume that 10**12 was a big enough space to hide 10**7 entries in).
The purpose of this exercise would be to find out whether they did the incredible.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916 http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University