[144574] in cryptography@c2.net mail archive
Re: Weakness in Social Security Numbers Is Found
daemon@ATHENA.MIT.EDU (Darren J Moffat)
Sun Jul 12 11:49:35 2009
Date: Thu, 09 Jul 2009 16:56:23 +0100
From: Darren J Moffat <Darren.Moffat@Sun.COM>
In-reply-to: <20090709004628.F183B33EC0@absinthe.tinho.net>
To: dan@geer.org
Cc: "Ali, Saqib" <docbook.xml@gmail.com>,
Cryptography <cryptography@metzdowd.com>
dan@geer.org wrote:
> I don't honestly think that this is new, but even
> if it is, a 9-digit random number has a 44% chance
> of being a valid SSN (442 million issued to date).
I wonder if the UK NI numbers suffer from a similar problem.
The look a little like this: AB 12 34 56 C
Information on how they are strutured is here:
http://en.wikipedia.org/wiki/National_Insurance#National_Insurance_number
However given we don't use the NI number in the UK like the SSN is
abused in the US there isn't the same security risk in guessing them.
Although the Wikipedia article claims they are sometimes used for
identification I know I have never been asked for mine other than by an
employer or suitably authorised government body how has a real need to know.
--
Darren J Moffat
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
