Paul Rubin <http://[EMAIL PROTECTED]> writes:
> Kirk Job Sluder <[EMAIL PROTECTED]> writes:
> We're told there is already a secure database in the picture
> somewhere, or at least one that unescapably contains cleartext SSN's,
> so that's the system that should assign the ID numbers and handle
> SSN-based queries.

Well, IMO just having cleartext SSNs is questionable practice unless you need those SSNs to report to some other agency that takes SSNs. And even so, you might want to limit access to plaintext SSNs to a limited group, and give access to the hashed SSNs as a search key to a different group.

> > I think the fundamental problem is that most customers don't
> > want actual security. They want to be able to get their information
> > by calling a phone number and saying a few words/phrases they
> > memorized in childhood.
>
> A voice exemplar stored at enrollment time plus a question or two like
> "what classes did you take last term" could easily give a pretty good
> clue that the person saying the words/phrases is the legitimate
> student.

In my experience the typical student has trouble remembering what happened last week, much less last term. In addition, universities frequently need to field questions from people who were students years ago. Are voice exemplars at that stage yet?

> Customers legitimately want actual security without having to care how
> hash functions work, just like they want safe transportation without
> having to care about how jet engine turbopumps work. Air travel is
> pretty safe because if the airline fails to maintain the turbopumps
> and a plane goes down, there is hell to pay. There is huge legal and
> financial incentive for travel vendors (airlines) to not cut corners
> with airplane safety. But vendors who deploy incompetently designed
> IT systems full of confidential data resulting in massive privacy
> breaches face no liability at all.

I'm more than happy to agree to disagree on this, but I see it differently.
In aviation there certainly is a bit of risk-benefit analysis going on in thinking about whether the cost of a given safety is justified given the benefits in risk reduction. Likewise, credit companies are currently making money hand-over-fist. If an identity is compromised, it's cheaper for them to just close the account, refund the money, and do their own fraud investigation after the fact. Meanwhile, for every person who gets stung, there are a hundred wanting convenience. In addition, the losses due to bad cryptographic implementation appear to be trivial compared to the losses due to social engineering.

--
Kirk Job-Sluder
"The square-jawed homunculi of Tommy Hilfinger ads make every day an
existential holocaust." --Scary Go Round
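
An added example, not part of the original post: one way to implement the split suggested above, where one group may read plaintext SSNs and another only searches by hashed SSN. The class, role names and key are hypothetical, and it assumes a keyed HMAC rather than a bare hash, because all 10**9 nine-digit values can be enumerated against an unkeyed digest.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption): in practice only the lookup service holds it.
INDEX_KEY = b"constructed-demo-key-not-for-production"


def normalize_ssn(raw):
    """Strip spaces and dashes, then require exactly nine ASCII digits."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"[0-9]{9}", digits):
        raise ValueError("SSN must contain exactly nine digits")
    return digits


def ssn_search_key(raw, key=INDEX_KEY):
    """Keyed hash of the normalized SSN, used as the search key."""
    msg = normalize_ssn(raw).encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class StudentDirectory:
    """Hypothetical store: search keys and plaintext SSNs are kept apart,
    and plaintext is released only to the 'reporting' role."""

    def __init__(self):
        self._by_key = {}     # search key -> student ID (any staff role)
        self._plaintext = {}  # student ID -> SSN (reporting role only)

    def enroll(self, student_id, ssn):
        self._by_key[ssn_search_key(ssn)] = student_id
        self._plaintext[student_id] = normalize_ssn(ssn)

    def find_student(self, ssn):
        """Map a presented SSN to a student ID without reading stored SSNs."""
        return self._by_key.get(ssn_search_key(ssn))

    def read_ssn(self, student_id, role):
        if role != "reporting":
            raise PermissionError("role may not read plaintext SSNs")
        return self._plaintext[student_id]


def demo():
    directory = StudentDirectory()
    directory.enroll("S1001", "000-12-3456")  # constructed sample value
    return directory.find_student("000123456"), directory.find_student("000-12-3457")
```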