On Wed, Nov 17, 2010 at 7:18 PM, Dan Kaminsky <[email protected]> wrote: > On Wed, Nov 17, 2010 at 4:08 PM, Dan Kaminsky <[email protected]> wrote: >> On Wed, Nov 17, 2010 at 4:04 PM, Jeffrey Walton <[email protected]> wrote: >>> >>> On Wed, Nov 17, 2010 at 6:58 PM, Dan Kaminsky <[email protected]> wrote: >>> > Did anyone actually read the ruling? >>> > They're basically saying a SSN# isn't an identity. >>> > >>> > Given that SSN#'s aren't actually unique in the population, they're, you >>> > know, right. >>> Expand, please. >>> >> >> http://www.schneier.com/blog/archives/2009/07/social_security.html >> >> Information about an individual's place and date of birth can be >> exploited to predict his or her Social Security number (SSN). Using >> only publicly available information, we observed a correlation between >> individuals' SSNs and their birth data and found that for younger >> cohorts the correlation allows statistical inference of private SSNs. >> [SNIP] >> > > Actually, technically, the above doesn't *necessarily* make SSNs > non-unique. It just means that they're not randomly assigned. They > could still be uniquely assigned within a non-random space. So that's > a fairly significant assumption on my part, especially with some > evidence of being willing to use non-contiguous assignment to deal > with exhausting of numbers. > All in all, agree.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
