Risks of /pseudo-?/random alphanumeric generation (from Volume 23, Issue 6 of The RISKS Digest)
<Joe Thompson <kensey@gmail.com>>
Thu, 6 Jan 2005 13:50:16 -0500The Cabbage Patch doll, known to legions of kids from the 80s on, comes with "adoption paperwork" including a unique, randomly-generated serial number. However, apparently the company's random number generator was, from a certain point of view, a little too random:
Girl Gets Cabbage Patch Doll With Obscene Message
http://www.10news.com/news/4050756/detail.htmlApparently, purely by chance -- or so the company insists, at any rate -- one serial number included a six-letter string commonly considered obscene, especially so in the context of children's toys. The slide show on the linked new story page has a shot of the string in question (with the first letter helpfully covered up to avoid further offense). That it was given as a Christmas gift seems particularly unfortunate.
Many are the tales of large computer systems where user account names are fully or partially randomized to avoid embarrassing formations from pieces of names or other data. Even in such cases, some basic filtering is needed; in fact given the audience for the product I'm surprised no one at Play-Along has realized this in twenty years. People easily forget that 0000, 1111, 2222, etc. are as random as any other four-digit string in certain contexts.
...and yes, that six-letter string is extremely unfortunate for a child's toy.
