[17445] in cryptography@c2.net mail archive
Re: encrypted tapes (was Re: Papers about "Algorithm hiding" ?)
daemon@ATHENA.MIT.EDU (Charles M. Hannum)
Thu Jun 9 18:30:19 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Charles M. Hannum" <root@ihack.net>
To: lists@notatla.org.uk
Date: Thu, 9 Jun 2005 17:37:22 +0000
Cc: astiglic@okiok.com, k.buchanan@kastenchase.com,
cryptography@metzdowd.com, adam@homeport.org
In-Reply-To: <42A87149.mailBQ71KEMYS@notatla.org.uk>
On Thursday 09 June 2005 16:41, you wrote:
> From: "Charles M. Hannum" <root@ihack.net>
>
> > I can name at least one obvious case where "sensitive" data -- namely
> > credit card numbers -- is in fact something you want to search on: credit
> > card billing companies like CCbill and iBill. Without the ability to
> > search by CC#, customers are pretty screwed.
>
> Is there a good reason for not searching by the hash of a CC# ?
Are you joking?
If we assume that the last 4 digits have been exposed somewhere -- and they
usually are -- then this gives you at most 38 bits -- i.e. 2^38 hashes to
test -- to search (even a couple less if you know a priori which *brand* of
card it is). How long do you suppose this would take?
(Admittedly, it's pretty sketchy even if you have to search the whole CC#
space -- but this is why you need to prevent the data being accessed in any
form!)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
