Re: SSN encryption
tomstdenis_at_gmail.com
Date: 09/29/05
- Next message: Nicholas Sheppard: "DRMTICS 2005 Call for Participation"
- Previous message: tomstdenis_at_gmail.com: "Re: How to generate a Windows style license key"
- In reply to: drfremove_at_nber.org: "Re: SSN encryption"
- Next in thread: Peter Pearson: "Re: SSN encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Sep 2005 06:32:47 -0700
drfremove@nber.org wrote:
> > remainder of the bits with random data and encrypt, voila 128-bit
> > "token" which when decoded gets you a SSN.
> >
> > Tom
>
> I guess I am too much of a beginner to understand your suggestion. If
> we add 85 (33+85=128) random bits and then encrypt, won't the same SSN
> encrypt to different values depending on the random bits? (Or are the
> random bits a maintained key)? We specifically don't need to decrypt
> the SSNs - only use the encrypted values for matching. If we have to
> decrypt to use the field, then our purpose is defeated, since the file
> user would then be given the actual SSN, which we want to avoid. We
> only want to give them enough information to match records across
> tables.
what you need then is a keyed PRF based on the SSN then the salt bits
are the output of the PRF [e.g. use CMAC with a fixed secret key on the
SSN, get an 85-bit tag, append that to the SSN and encrypt].
That way a dictionary [e.g. MITM] attack won't work and you can even
verify entries by checking the MAC.
Tom
- Next message: Nicholas Sheppard: "DRMTICS 2005 Call for Participation"
- Previous message: tomstdenis_at_gmail.com: "Re: How to generate a Windows style license key"
- In reply to: drfremove_at_nber.org: "Re: SSN encryption"
- Next in thread: Peter Pearson: "Re: SSN encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
