Weirdan wrote: No. In the Chuck Norris scenario (described previously in this thread) if he didn't say he was Chuck the bouncer would have no way to know him from, say, Bruce Lee.
Since the name (Chuck Norris) is widely known, what if Bruce Lee did the perfect round-house kick? According to the example, he would then enter because he met the two requirements: a name and a round-house kick.
timWebUK wrote: The total length may be the same whether the username is known or not. But decreasing the amount of characters known to the attacker automatically increases the amount of time required to crack.
Exactly my point
Weirdan wrote: It doesn't matter how many chunks you split the secret into as long as their total length is the same.
I get the point you are making about the length of the password & username combination but I would rather have my account protected by 2 unknown values than having one value (username) be public domain.
kaisellgren wrote: Are you serious? Use a name to identify a person? That partly works offline because human beings use other identification schemes like face recognition and voice recognition in addition to calling others' names. Online, however, using names to identify is futile.
We all identify each other by our 'names' here on the forum? I'm not referring to a name as a first name used in real life instances but to an identifying value that is not your username. So if you registered for a forum you would have username = 'kaisellgren', password = 'whateverthatmaybe' and screenname (or name if you will) = 'kai'. That way when you post, people see that 'Kai' has made the post but they have no idea that your username is 'kaisellgren'.
I might have the incorrect understanding of identification, authorization and authentication so I'll explain what I understand under each of the terms:
Identification: Identify user to others via a screen-name, in a setup like a forum,
Authentication: Check whether a user is the owner of the account they are trying to access and
Authorization: Grant said user certain privileges after they have been authorized. Correct or not?