Re: SSN encryption
drfremove_at_nber.org
Date: 09/30/05
- Next message: Paul Rubin: "Re: SSN encryption"
- Previous message: tomstdenis_at_gmail.com: "Re: DDJ Article on "Secure" Dongle"
- In reply to: Joseph Ashwood: "Re: SSN encryption"
- Next in thread: Paul Rubin: "Re: SSN encryption"
- Reply: Paul Rubin: "Re: SSN encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 30 Sep 2005 06:53:40 -0700
Joseph Ashwood wrote:
> "drfremove@nber.org" <feenberg@gmail.com> wrote in message
> news:1128033037.054569.253290@f14g2000cwb.googlegroups.com...
> Then you'll have to sacrifice one of the other requirements. In the mean
> time it still won't beat the MD5 suggestion I made, you'll be less secure,
> and it will likely be slower. It is necessary to sacrifice one of the
> requirements, pick one, any one.
Does Palu Rubin's suggestion in
http://groups.google.com/group/sci.crypt/msg/c4bdd165ba12b92a?dmode=source&hl=en
not make sense? It appears to me to be valid. To be invalid, there
would need to be a way for an intruder to search the file for a
particular SSN, which would require knowledge of the key, no? Is that
something easy to do? Could the key be determined from knowledge of
some *other* SSN/hash pairs? It isn't a problem that an intruder can
find himself in the database, only if he can use that information to
determine other SSN hashs, or the key itself.
Daniel Feenberg
feenberg isat nber dotte org
> Joe
- Next message: Paul Rubin: "Re: SSN encryption"
- Previous message: tomstdenis_at_gmail.com: "Re: DDJ Article on "Secure" Dongle"
- In reply to: Joseph Ashwood: "Re: SSN encryption"
- Next in thread: Paul Rubin: "Re: SSN encryption"
- Reply: Paul Rubin: "Re: SSN encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
