[OPEN-ILS-DEV] Feature proposal: SSN-censoring functionality

Robin H. Johnson rjohnson at sitka.bclibraries.ca
Sun Aug 26 19:36:05 EDT 2012


On Sun, Aug 26, 2012 at 05:04:14PM -0400, Wolf Halton wrote:
> Storing SSNs unencrypted is a terrific mistake, in the US. Storing them at
> all is a Very Bad Thing (TM).
> Storing a hash that is evidence that a proper authority has seen the
> number, or just a boolean true, seems like enough.
Please, if you do store a hash, make it salted. Rainbow tables and
GPU/cloud cracking make it trivial otherwise to brute force.

-- 
Robin Hugh Johnson
SITKA: Sysadmin
Phone: 1-855-383-5761 ext 1010
GnuPG FP   : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
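
The salting advice in this message, as an added illustration (not code from the thread or from Evergreen): an unsalted digest of an SSN is the same value in every database, while a per-record random salt makes each stored value unique. The use of PBKDF2, the iteration count, the record layout and the sample SSNs (constructed, using the never-issued 000 area) are assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch, not values from the thread.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def normalize_ssn(ssn: str) -> bytes:
    """Strip separators so '000-00-0001' and '000000001' hash identically."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly nine digits")
    return digits.encode("ascii")


def unsalted_digest(ssn: str) -> str:
    """Weak form: one fixed digest per SSN, so a precomputed table applies."""
    return hashlib.sha256(normalize_ssn(ssn)).hexdigest()


def make_record(ssn: str) -> dict:
    """Salted form: a fresh random salt is generated for every patron record."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", normalize_ssn(ssn), salt, PBKDF2_ITERATIONS)
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "digest": digest.hex()}


def verify_record(ssn: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", normalize_ssn(ssn), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(candidate.hex(), record["digest"])


if __name__ == "__main__":
    sample = "000-00-0001"  # constructed, not a real SSN
    a, b = make_record(sample), make_record(sample)
    print("unsalted digests equal:", unsalted_digest(sample) == unsalted_digest("000000001"))
    print("salted digests equal:  ", a["digest"] == b["digest"])
    print("verifies:", verify_record(sample, a), "| wrong SSN:", verify_record("000-00-0002", a))
```

A nine-digit SSN has only 10^9 possible values, so the salt removes precomputed tables and cross-record matching but each record can still be searched on its own; the slow key-derivation function is there to raise that per-record cost.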

