Hashing SSNs and other limited-domain information

轻奢々 2021-01-04 05:00

I'm currently working on an application where we receive private health information. One of the biggest concerns is with the SSN. Currently, we don't use the SSN for any

3 answers
  •  温柔的废话
    2021-01-04 05:10

    If you seriously want to hash a social security number in a secure way, do this:

    1. Find out how much entropy is in an SSN (hint: there is very little. Far less than a randomly chosen 9 digit number).
    2. Use any hashing algorithm.
    3. Keep fewer (half?) bits than there is entropy in an SSN.

    Result:

    • Pro: Secure hash of an SSN because of a large number of hash collisions.
    • Pro: Your hashes are short and easy to store.
    • Con: Hash collisions.
    • Con: You can't use it for a unique identifier because of Con#1.
    • Pro: That's good because you really really need to not be using SSNs as identifiers unless you are the Social Security Administration.
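
An added example, not part of the answer above or from its author: the truncation procedure that answer describes, run over a constructed stand-in domain of 5-digit strings so it finishes quickly. SHA-256, the 64-bit and 8-bit cuts, and all function names are assumptions chosen for the illustration.

```python
import hashlib
import math
from collections import Counter

def truncated_hash(value: str, bits: int) -> int:
    """Return the top `bits` bits of SHA-256(value) as an integer."""
    digest = hashlib.sha256(value.encode("ascii")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def bucket_sizes(domain, bits: int) -> Counter:
    """Map each truncated hash to the number of domain values producing it."""
    return Counter(truncated_hash(v, bits) for v in domain)

def summarize(domain, bits: int) -> dict:
    """Collision statistics for one choice of kept bits."""
    sizes = bucket_sizes(domain, bits)
    return {
        "domain_entropy_bits": math.log2(len(domain)),
        "kept_bits": bits,
        "buckets_used": len(sizes),
        "smallest_bucket": min(sizes.values()),
        "largest_bucket": max(sizes.values()),
    }

# Constructed stand-in domain (assumption): every 5-digit string, ~16.6 bits.
DOMAIN = [f"{n:05d}" for n in range(100_000)]

if __name__ == "__main__":
    # 64 kept bits: far more than the domain's entropy, so each value gets
    # its own hash and the stored hash identifies the value.
    print(summarize(DOMAIN, 64))
    # 8 kept bits: about half the domain's entropy, so every stored hash is
    # shared by hundreds of values and cannot serve as a unique identifier.
    print(summarize(DOMAIN, 8))
```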
