Re: SSN encryption

drfremove_at_nber.org
Date: 09/29/05


Date: 29 Sep 2005 06:23:54 -0700

tomstdenis@gmail.com wrote:
> drfremove@nber.org wrote:
> > We want to encrypt social security numbers in a database. The special
> > requirement is that the same SSN should encrypt to the same value
> > regardless of context. That way when new records are added to the
> > database it will be possible to easily match them to existing records.
> > Also, the tables can be sorted or selected and still matched to other
> > tables in the database.
>
> Use ... a ... salt [and not a known fixed key]!!!
>
> SSNs are like what 10 digits? that's a 33-bit number... fill the

Actually, 9 digits, but close enough.

> remainder of the bits with random data and encrypt, voila 128-bit
> "token" which when decoded gets you a SSN.
>
> Tom

I guess I am too much of a beginner to understand your suggestion. If
we add 85 (33+85=128) random bits and then encrypt, won't the same SSN
encrypt to different values depending on the random bits? (Or are the
random bits a maintained key)? We specifically don't need to decrypt
the SSNs - only use the encrypted values for matching. If we have to
decrypt to use the field, then our purpose is defeated, since the file
user would then be given the actual SSN, which we want to avoid. We
only want to give them enough information to match records across
tables.

Sorry for my naivety prolonging the exchange.

Daniel Feenberg
feenberg isat nber dotte org
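
An added example, not part of the original post: one way to get the property asked for above (same SSN always maps to the same value, usable for matching but never decrypted) is a keyed one-way function. The sketch uses HMAC-SHA256 truncated to 128 bits instead of encryption. The function names, the key value and the sample records are all constructed for illustration, and `randomized_token` is only a stand-in showing why random fill bits break matching.

```python
import hashlib
import hmac
import re
import secrets

# Assumption: the matching key is generated once, stored outside the database,
# and never given to file users. This value is constructed for the example.
MATCH_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def normalize_ssn(raw: str) -> str:
    """Reduce '123-45-6789', '123 45 6789' or '123456789' to nine digits."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"\d{9}", digits):
        raise ValueError("not a 9-digit SSN")
    return digits


def match_token(raw_ssn: str, key: bytes = MATCH_KEY) -> str:
    """Deterministic 128-bit token: same SSN and key always give the same value."""
    mac = hmac.new(key, normalize_ssn(raw_ssn).encode("ascii"), hashlib.sha256)
    return mac.hexdigest()[:32]  # 32 hex characters = 128 bits


def randomized_token(raw_ssn: str, key: bytes = MATCH_KEY) -> str:
    """Stand-in for 'fill the remaining bits with random data': differs per call."""
    salt = secrets.token_bytes(12)
    mac = hmac.new(key, salt + normalize_ssn(raw_ssn).encode("ascii"), hashlib.sha256)
    return salt.hex() + mac.hexdigest()[:32]


def join_on_token(left: dict, right: dict) -> dict:
    """Match two token-keyed tables without ever seeing an SSN."""
    return {t: (left[t], right[t]) for t in left.keys() & right.keys()}


# Constructed sample records (area number 000 is never issued).
earnings = {match_token("000-12-3456"): "earnings row A",
            match_token("000-98-7654"): "earnings row B"}
claims = {match_token("000123456"): "claims row X",
          match_token("000 11 2222"): "claims row Y"}

if __name__ == "__main__":
    for token, rows in join_on_token(earnings, claims).items():
        print(token, rows)
```

The key matters because there are only 10^9 possible SSNs: without a secret key, anyone holding the tokens could recompute the function over every candidate.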


