[email protected] (Ali, Saqib) on Wednesday, July 8, 2009 wrote: >Read more: >http://www.nytimes.com/2009/07/07/us/07numbers.html?_r=2&ref=instapundit > > >saqib >http://www.capital-punishment.us > >[Moderator's note: this isn't really a weakness in SSNs, unless you're >stupid enough to use them as a password -- which we already knew was >bad. None the less, interesting work. --Perry]
How separate algorithms reduce security when used together: The last 4 digits of the SSN are frequently used as an authenticator. These may be the hardest digits to recover with the technique which, according to the researchers (Alessandro Acquisti and Ralph Gross) at CMU, would not be easy for cybercriminals to reconstruct but would be within the grasp of sophisticated attackers. My solution is to have the Social Security Administration announce that they will publish names and SSNs for everyone in their database on a certain date. Fat chance it will happen. Cheers - Bill --------------------------------------------------------------------------- Bill Frantz |"Web security is like medicine - trying to do good for 408-356-8506 |an evolved body of kludges" - Mark Miller www.periwinkle.com | --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [email protected]
