Slightly Unique Identifiers
One of the neat things about Blue Hat is that people get pulled aside and introduced to people who have problems that they’d like your thoughts on. In one of those meetings, it came out that the person I was meeting with was destroying lots of data before it came to his group. Very cool. Unfortunately, this sometimes raises a problem, because it makes it hard to tell if unusual problems are coming from the same place. That is, Alice and Bob might both have a problem, or Bob might be reporting one problem twice.
I brought up the concept of slightly unique identifiers. For example if you have hundreds or thousands of users, use a number from 1 to 16 to identify people. This allows you to distinguish, a little, while not being able to say if this number 6 and that number 6 are the same. There are lots of number sixes out there. You can tune this by adjusting the scale of the number for the size of your pool, and how often you want to accept overlaps, and what sort of matches you care about. For this problem, the birthday problem doesn’t really apply. That is, it doesn’t matter that you’re likely to have two items that match very quickly: what you care about is that the odds of a match between two items you’re looking at anyway is 1/16.
To put it another way, there are lots of crayons of the same color, but if you pick two based on some other criteria, such as how sharp the tip is, odds are good they won’t be the same color.
One of the other neat things about Blue Hat is they now have a blog, “Blue Hat Security Briefings.”
Crayon picture from Presentation Pictures.com.