[144570] in cryptography@c2.net mail archive
Re: Weakness in Social Security Numbers Is Found
daemon@ATHENA.MIT.EDU (Bill Frantz)
Wed Jul 8 18:39:27 2009
Date: Wed, 8 Jul 2009 15:31:11 -0700
From: Bill Frantz <frantz@pwpconsult.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <addede3b0907080725l6e3f1086ra7167da44090ffbf@mail.gmail.com>
docbook.xml@gmail.com (Ali, Saqib) on Wednesday, July 8, 2009 wrote:
>Read more:
>http://www.nytimes.com/2009/07/07/us/07numbers.html?_r=3D2&ref=3Dinstapund=
it
>
>
>saqib
>http://www.capital-punishment.us
>
>[Moderator's note: this isn't really a weakness in SSNs, unless you're
>stupid enough to use them as a password -- which we already knew was
>bad. None the less, interesting work. --Perry]
How separate algorithms reduce security when used together:
The last 4 digits of the SSN are frequently used as an authenticator. These
may be the hardest digits to recover with the technique which, according to
the researchers (Alessandro Acquisti and Ralph Gross) at CMU, would not be
easy for cybercriminals to reconstruct but would be within the grasp of
sophisticated attackers.
My solution is to have the Social Security Administration announce that
they will publish names and SSNs for everyone in their database on a
certain date. Fat chance it will happen.
Cheers - Bill
---------------------------------------------------------------------------
Bill Frantz |"Web security is like medicine - trying to do good for
408-356-8506 |an evolved body of kludges" - Mark Miller
www.periwinkle.com |
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
