encrypted tapes (was Re: Papers about "Algorithm hiding" ?)
Charles M. Hannum
root at ihack.net
Thu Jun 9 13:37:22 EDT 2005
On Thursday 09 June 2005 16:41, you wrote:
> From: "Charles M. Hannum" <root at ihack.net>
>
> > I can name at least one obvious case where "sensitive" data -- namely
> > credit card numbers -- is in fact something you want to search on: credit
> > card billing companies like CCbill and iBill. Without the ability to
> > search by CC#, customers are pretty screwed.
>
> Is there a good reason for not searching by the hash of a CC# ?

Are you joking?

If we assume that the last 4 digits have been exposed somewhere -- and they
usually are -- then this gives you at most 38 bits -- i.e. 2^38 hashes to
test -- to search (even a couple less if you know a priori which *brand* of
card it is). How long do you suppose this would take?

(Admittedly, it's pretty sketchy even if you have to search the whole CC#
space -- but this is why you need to prevent the data being accessed in any
form!)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
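
Added example (not part of the original post): a sizing of the search space the message describes, for use when assessing how much protection an unkeyed hash of a card number gives. It goes slightly beyond the post by applying the Luhn check digit; the 16-digit length, the digits "4" and "1111", and the rate of 10^9 hashes per second are assumptions chosen for illustration.

```python
import math

def luhn_valid(number: str) -> bool:
    """Standard Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def candidate_count(length: int, known_prefix: str = "", known_suffix: str = "") -> int:
    """Count Luhn-valid numbers of `length` digits matching the known digits."""
    unknown = length - len(known_prefix) - len(known_suffix)
    if unknown < 0:
        raise ValueError("known digits exceed card length")
    if unknown == 0:
        return int(luhn_valid(known_prefix + known_suffix))
    # Both digit maps used by Luhn (d and doubled-d) are permutations of 0..9,
    # so for any choice of the other digits exactly one value of the last
    # unknown digit satisfies the checksum: one tenth of the raw space.
    return 10 ** (unknown - 1)

def brute_count(length: int, known_prefix: str, known_suffix: str) -> int:
    """Cross-check candidate_count by enumeration (small spaces, unknown >= 1)."""
    unknown = length - len(known_prefix) - len(known_suffix)
    return sum(
        luhn_valid(f"{known_prefix}{m:0{unknown}d}{known_suffix}")
        for m in range(10 ** unknown)
    )

def exposure(length, known_prefix, known_suffix, hashes_per_second):
    """Return (candidates, effective bits, seconds to hash every candidate)."""
    n = candidate_count(length, known_prefix, known_suffix)
    return n, math.log2(n), n / hashes_per_second

if __name__ == "__main__":
    RATE = 1e9  # assumed hashes/second, not a measured figure
    cases = [("last 4 known", "", "1111"),            # constructed digits
             ("brand digit + last 4", "4", "1111")]   # constructed digits
    for label, prefix, suffix in cases:
        n, bits, secs = exposure(16, prefix, suffix, RATE)
        print(f"{label}: {n:.0e} candidates, {bits:.1f} bits, {secs:.0f} s")
```

Under these assumptions the effective space is below the 38-bit bound given in the message, which is the reason a plain hash of the number cannot be treated as a non-sensitive search key.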