On Sun, Aug 26, 2012 at 05:04:14PM -0400, Wolf Halton wrote: > Storing SSNs unencrypted is a terrific mistake, in the US. Storing them at > all is a Very Bad Thing (TM). > Storing a hash that is evidence that a proper authority has seen the > number, or just a boolean true, seems like enough. pLease, if you do store a hash, make it salted. Rainbow tables and gpu/cloud cracking make it trivial otherwise to brute force.
-- Robin Hugh Johnson SITKA: Sysadmin Phone: 1-855-383-5761 ext 1010 GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
