encryption with python

Paul Rubin http
Sat Sep 10 17:26:32 EDT 2005


Kirk Job Sluder <kirk at jobsluder.net> writes:
> You have a client on the phone who needs access to information, but has
> forgotten or lost the 10-digit unique ID and the PIN you gave them two
> years ago.  How do you provide that client with the information he or
> she needs?  This is the kind of dilemma that one-way encryption is
> designed to make a tiny bit safer. 

You need secret keys then, and you need to secure them.  If you have a
secure secret key K, you can store something like HMAC(K, SSN) and
that is pretty safe from offline attacks.

> Of course, an additional step I didn't mention was that in actual
> practice the SSNs would be hashed with a strong random secret key.

But now you have to maintain that secret key and its secrecy, which is
not a trivial task.  It's not an unsolvable problem but you can't
handwave it.

We're told there is already a secure database in the picture
somewhere, or at least one that inescapably contains cleartext SSNs,
so that's the system that should assign the ID numbers and handle
SSN-based queries.

> I think the fundamental problem is that most customers don't
> want actual security.  They want to be able to get their information
> by calling a phone number and saying a few words/phrases they
> memorized in childhood.  

A voice exemplar stored at enrollment time plus a question or two like
"what classes did you take last term" could easily give a pretty good
clue that the person saying the words/phrases is the legitimate
student.

> Given the current market, it seems to be
> cheaper to deal with breaks after the fact than to expect more from
> customers.

Customers legitimately want actual security without having to care how
hash functions work, just like they want safe transportation without
having to care about how jet engine turbopumps work.  Air travel is
pretty safe because if the airline fails to maintain the turbopumps
and a plane goes down, there is hell to pay.  There is huge legal and
financial incentive for travel vendors (airlines) to not cut corners
with airplane safety.  But vendors who deploy incompetently designed
IT systems full of confidential data resulting in massive privacy
breaches face no liability at all.  

There is no financial incentive for them to do it right, so they
instead spend the money on more marketing or on executive massages or
whatever, and supply lousy security.  THAT is the fundamental problem.
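An added illustration of the HMAC(K, SSN) scheme described above; this is example code written for this page, not code from the thread, and the SSN normalization rule, the 32-byte minimum key length and the in-memory index class are assumptions.

```python
import hashlib
import hmac
import re
from typing import Dict, Optional


def normalize_ssn(ssn: str) -> str:
    """Canonicalise an SSN so '123-45-6789' and '123 45 6789' map to the
    same token. Anything other than exactly nine digits is rejected."""
    digits = re.sub(r"[\s-]", "", ssn)
    if not re.fullmatch(r"\d{9}", digits):
        raise ValueError("SSN must contain exactly nine digits")
    return digits


def ssn_token(key: bytes, ssn: str) -> str:
    """HMAC(K, SSN): what gets stored instead of the SSN itself.

    An unkeyed hash of a nine-digit number can be inverted offline by
    enumerating all ~10^9 inputs; with a secret K that enumeration is
    impossible without K, so the table is safe from offline attack as
    long as K stays secret (which is the hard part the thread points out).
    """
    if len(key) < 32:  # assumption: require 256 bits of secret randomness
        raise ValueError("key must be at least 32 bytes")
    msg = normalize_ssn(ssn).encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class SsnIndex:
    """Maps HMAC tokens to opaque record ids; the SSN is never stored."""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._by_token: Dict[str, str] = {}

    def add(self, ssn: str, record_id: str) -> str:
        token = ssn_token(self._key, ssn)
        self._by_token[token] = record_id
        return token

    def lookup(self, ssn: str) -> Optional[str]:
        # The caller supplies the SSN; the index recomputes the token.
        # Without the key, the stored tokens cannot be matched to SSNs.
        return self._by_token.get(ssn_token(self._key, ssn))
```

Because HMAC is one-way, rotating K cannot be done from the stored tokens alone; the tokens must be recomputed from the authoritative cleartext source the thread says already exists.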
