[Cryptography] After Equifax pwning, what is the best means for replacing the SSN?

John Levine johnl at iecc.com
Tue Sep 12 22:07:26 EDT 2017


In article <BA30D34E-EBA3-4D0F-8D7C-51A3E81C178A at interlog.com>,
Richard Outerbridge  <outer at interlog.com> wrote:
>Note that the nine digit Canadian SIN (also the American one?) incorporates a one digit Luhn check digit
>(like most if not all credit card numbers).

No, the American SSN does not have a check digit, something they'd
certainly do differently if they were designing it now.  When you
consider that there are 300,000,000 Americans, you can't give them all
different numbers if you only have 8 digits to work with.  (Nine
digits is plenty for 35 million Canadians.)

Here is more than you wanted to know about SSN formats:

https://secure.ssa.gov/apps10/poms.nsf/lnx/0110201030

And some hacks for recognizing obviously invalid ones:

https://secure.ssa.gov/apps10/poms.nsf/lnx/0110201035

It used to be possible to tell roughly when and where an SSN was
issued, but since 2011 they've been assigned randomly from the
available pool.

https://www.ssa.gov/employer/randomization.html

R's,
John
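
An added example, not part of the original message: it contrasts what a Luhn check digit catches on a nine-digit SIN-style number with what structural screening alone can catch on an SSN. The SSN rules coded here (area 000, 666 and 900-999, group 00 and serial 0000 are never assigned) are a small subset assumed for illustration, both sample numbers are constructed, and all function names are hypothetical.

```python
import re

def luhn_valid(number: str) -> bool:
    """True if the digits in `number` satisfy the Luhn check."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9          # same as adding the two digits of d
        total += d
    return len(digits) > 1 and total % 10 == 0

def ssn_structurally_plausible(ssn: str) -> bool:
    """Reject only SSNs that can never have been issued (assumed rule subset)."""
    m = re.fullmatch(r"(\d{3})-?(\d{2})-?(\d{4})", ssn)
    if not m:
        return False
    area, group, serial = m.groups()
    if area in ("000", "666") or area[0] == "9":
        return False
    return group != "00" and serial != "0000"

def single_digit_typos(number: str):
    """Yield every variant of `number` with exactly one digit replaced."""
    for i, c in enumerate(number):
        if c.isdigit():
            for r in "0123456789":
                if r != c:
                    yield number[:i] + r + number[i + 1:]

def undetected_typos(number: str, check) -> int:
    """Count single-digit typos that `check` still accepts."""
    return sum(1 for t in single_digit_typos(number) if check(t))

SAMPLE_SIN = "046454286"    # constructed value that satisfies Luhn
SAMPLE_SSN = "123-45-6789"  # constructed value, structurally plausible

if __name__ == "__main__":
    print("SIN typos accepted by Luhn:",
          undetected_typos(SAMPLE_SIN, luhn_valid), "of 81")
    print("SSN typos accepted by structure rules:",
          undetected_typos(SAMPLE_SSN, ssn_structurally_plausible), "of 81")
```

The check digit rejects every single-digit typo, while the structural rules reject only the one variant that lands in a never-assigned range.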

