[Alex L. Mauer] > Can you expand on this? > > How could the Name/address/ssn be retrieved from a hash of the same? >
The data can be recovered from the hash because search space is small. Say you are looking for the SSN of a John Smith. Every large DB is bound to have someone named John Smith. If you have access to the hash DB, all you need to do is calculate the hash of "John/Smith/000-00-0000", "John/Smith/000-00-0001", etc. until you find a matching hash. Iterating through all the SSN possibility, that's only a 30-bit search space, and can probably be handled by a modern CPU in a few minutes. Once you find a match, you know James's SSN. Things get much easier if you know a particular person is in the DB, or know more about them to remove certain variables that might be in the hash. Even adding the home address to the hash isn't useful, because there are 400 MB files that contain every street address in the US available on the market. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users