On 12 August 2010 14:45, tedd <t...@sperling.com> wrote:
> At 5:30 PM -0700 8/11/10, Daevid Vincent wrote:
>>
>> > -----Original Message-----
>>>
>>> 2. Were told it was a social security number
>>> (i.e., in the form of 123-45-6789).
>>
>> Stop.
>>
>> Why are you even contemplating storing SS# ??

Why hold the SSN (encrypted or otherwise)?

If you hold it encrypted, then the keys have to exist somewhere and that will cost you something.

Why not hold a non-reversible hash?

That way you can't determine the SSN, but someone posing as the SSN holder presents their SSN, you run it through the same hash routine and compare the hashes. If they match, then the SSN is valid. If not, then not.

Don't store the SSN would be my way. The same way you don't store passwords using a reversible technology.

--
Richard Quadling.

--
PHP General Mailing List (http://www.php.net/)
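
The hash-and-compare approach described in the message above, as an added example that is not part of the original thread. It assumes PHP's `password_hash()` / `password_verify()` (salted and deliberately slow) as the hash routine, following the password analogy, because a nine-digit number has only about a billion possible values and a fast unsalted hash of it could be enumerated by anyone who obtains the table. The function names are hypothetical.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

/** Reduce input such as "123-45-6789" or "123 45 6789" to nine digits, or null if malformed. */
function normalize_ssn(string $input): ?string
{
    // Strip the separators people commonly type, then require exactly nine digits.
    $digits = preg_replace('/[\s-]/', '', trim($input));
    return preg_match('/^\d{9}$/', $digits) === 1 ? $digits : null;
}

/** Produce the value that is stored in place of the SSN. */
function ssn_digest(string $input): string
{
    $ssn = normalize_ssn($input);
    if ($ssn === null) {
        throw new InvalidArgumentException('Not a nine-digit SSN');
    }
    // Per-record random salt plus a tunable work factor: identical SSNs yield
    // different stored strings, and each guess against a stolen row is expensive.
    return password_hash($ssn, PASSWORD_DEFAULT);
}

/** Check a presented SSN against the stored digest for one known record. */
function ssn_matches(string $presented, string $storedDigest): bool
{
    $ssn = normalize_ssn($presented);
    // Malformed input is rejected before any hashing work is done.
    return $ssn !== null && password_verify($ssn, $storedDigest);
}

// Constructed sample value (the placeholder format quoted in the thread).
$stored = ssn_digest('123-45-6789');   // only this string goes in the database row

var_dump(ssn_matches('123456789', $stored));     // same number, different formatting
var_dump(ssn_matches('123-45-6780', $stored));   // wrong number
var_dump(ssn_matches('12-345-6789x', $stored));  // malformed input
```

Because each digest carries its own salt, the stored value can confirm an SSN for a record you have already located by other means (account id, e-mail), but it cannot be used as a lookup key.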