[Cryptography] IRS W-2 'Verification Code' == Hash ??
Phillip Hallam-Baker
phill at hallambaker.com
Fri Feb 3 14:10:04 EST 2017
On Fri, Feb 3, 2017 at 10:30 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> Perhaps I missed it last year, but I just noticed that my 2016 W-2 has a
> 16-hex-digit 'Verification Code' just under the boxes numbered 10 and 11.
>
> Does anyone know what this 'Verification Code' is?
>
> It only has 4*16=64 bits, which is probably not strong enough to withstand
> a real attack, so why did they even bother?
>
64 bits is more than enough to cut down the incidence of fraud to 1/2^64
th of its current rate. the attackers only get one chance per target.
Given that I had my tax 'refund' stolen last year, I can see the point. Of
course I always make sure I have no refund precisely because they are so
insecure.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170203/87d34fec/attachment.html>
More information about the cryptography
mailing list