[EMAIL PROTECTED] writes: > Basically I will like to combine a social security number (9 digits) > and a birth date (8 digits, could be padded to be 9) and obtain a new > 'student number'. It would be better if the original numbers can't be > traced back, they will be kept in a database anyways. Hope this is a > bit more specific, thanks!!!
Why do you want to include the birth date, given that the SSN will already be unique? It won't be a big obstacle to brute forcing the SSN out of a keyless hash, since knowing the student's year of graduation will in most cases be enough to narrow his or her DOB down to a few hundred possibilities. How many digits can the student number have? What happens if two different students get assigned the same number? If you have a secure database where the actual DOB and SSN are held, why not just have it issue a student ID number at the time the DOB/SSN row is added? I'm feeling that you're working in a subtle and tricky area without really knowing what you're doing, and that people's privacy is at risk. Most of the good answers to your question are going to begin with "choose a random string K that you're able to keep secret through the entire lifetime of the whole system". The security of your system will rest on being able to keep K secret against determined attackers. You then have a key management problem, which has to be handled through careful procedures and possibly special hardware, not by an algorithm. Please get a copy of the book "Security Engineering", by Ross Anderson, to get an idea of what you're getting into. -- http://mail.python.org/mailman/listinfo/python-list