At Lodam, we are putting a really big effort, in to being the best workplace in Denmark. This means that management, have signed us up for the "Great Place to Work" scheme, which sends out a questionnaire which then compares us the other businesses in Denmark (of the same size). They send the questionnaire by a link, that sends you to an online form, which you need to fill.
Furthermore, they encourage all the departments to answer, there are prizes involved.
And, as i don't like to loose, i would like to ensure that everybody in my department have answered the questionnaire, så we started to look at the URL strings they send out. They look something like this:
Notice the last 6 digits. That's the unique identifier. All left to do now, is to develop a small script that generates all possible permutations of keys, and then ping the web-page for every entry generated. It only contains capitalized letters and numbers, so the number of possible permutations is relatively small. Somewhere around 2.2 billion keys.
Last evening, i developed this script, which runs all the possible permutations (the 2.2 billion). Have fun - remove (or adjust) the iterMax parameter, to ensure that your computer does not go bonkers.
What i really want people to start thinking about, is cryptographic solutions that are better than this. Maybe, mix them with lower-case letters.