Weakness in Social Security Numbers Is Found
Bill Frantz
frantz at pwpconsult.com
Wed Jul 8 18:31:11 EDT 2009
docbook.xml at gmail.com (Ali, Saqib) on Wednesday, July 8, 2009 wrote:
>Read more:
>http://www.nytimes.com/2009/07/07/us/07numbers.html?_r=2&ref=instapundit
>
>
>saqib
>http://www.capital-punishment.us
>
>[Moderator's note: this isn't really a weakness in SSNs, unless you're
>stupid enough to use them as a password -- which we already knew was
>bad. None the less, interesting work. --Perry]
How separate algorithms reduce security when used together:
The last 4 digits of the SSN are frequently used as an authenticator. These
may be the hardest digits to recover with the technique which, according to
the researchers (Alessandro Acquisti and Ralph Gross) at CMU, would not be
easy for cybercriminals to reconstruct but would be within the grasp of
sophisticated attackers.
My solution is to have the Social Security Administration announce that
they will publish names and SSNs for everyone in their database on a
certain date. Fat chance it will happen.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"Web security is like medicine - trying to do good for
408-356-8506 |an evolved body of kludges" - Mark Miller
www.periwinkle.com |
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list