
Re: [Cryptography] After Equifax pwning, what is the best means for replacing the SSN?

On Wed, Sep 27, 2017 at 2:50 PM, John Levine <johnl AT iecc.com> wrote:
In article <903e4c2d1109f7df3eaf31489be3b614.squirrel@> you write:
>> My preference is to say that any transaction validated with an SSN is
>> presumed fraudulent and is voidable on request. 

States could begin to include one or more "merchant" IDs on driver licenses 
as well as the existing state issued IDs for those that do not drive.

Each time a license is reissued or renewed a new merchant ID set 
would be issued as well as on demand by a citizen.

Law can specify that the merchant ID never be stored except for a hash
against or with the Vendor's own ID. So both the customer and Vendor ID
would be a pair; think of the Merchant and Customer bits as salt plus password.
The bound hash if lost only has repercussions at exactly one merchant.

So law plus an alternative group of numbers that is under control of the state but not a national ID.

The DL#  itself is to be used ONLY by the state DMV.
The SSN by federal law would not be used when a state issued number is available. 
Other law can limit correlation of Customer# against other keys. 
Character counts long enough to include validation bits, sure.

The goal is to minimize the impact of merchant data loss.
No merchant would have SSN or DL numbers to be lost.
The state itself would only retain a validation crypto hash for Customer numbers.

So the center of ID power would still be State and Federal agencies.

Tom Mitchell
The cryptography mailing list
cryptography AT metzdowd.com
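
The salt-plus-password binding described in the message above, as an added example that is not part of the original post: each merchant stores only a hash of the customer's merchant ID salted with the vendor's own ID, so a record lost at one merchant matches nothing at another and dies when the state reissues the ID. PBKDF2-HMAC-SHA256, the iteration count, the 96-bit ID format, the salt prefix and the vendor names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor, not specified in the post


def issue_customer_id() -> str:
    """State side: a fresh random merchant-facing ID (constructed format: 24 hex chars, 96 bits)."""
    return secrets.token_hex(12)


def bound_hash(customer_id: str, vendor_id: str) -> bytes:
    """The only value a merchant keeps: the customer ID hashed with the vendor's own ID as salt."""
    salt = b"merchant-bind/" + vendor_id.encode()  # hypothetical domain-separation prefix
    return hashlib.pbkdf2_hmac("sha256", customer_id.encode(), salt, ITERATIONS)


def verify(customer_id: str, vendor_id: str, stored: bytes) -> bool:
    """Merchant side: recompute from the presented ID and compare in constant time."""
    return hmac.compare_digest(bound_hash(customer_id, vendor_id), stored)


def demo() -> dict:
    alice = issue_customer_id()
    mallory = issue_customer_id()
    record_a = bound_hash(alice, "VENDOR-A")  # constructed vendor IDs
    record_b = bound_hash(alice, "VENDOR-B")
    reissued = issue_customer_id()            # renewal or on-demand reissue
    return {
        # Same customer, two merchants: stored values cannot be joined across databases.
        "records_differ_across_vendors": record_a != record_b,
        "vendor_a_accepts_alice": verify(alice, "VENDOR-A", record_a),
        "vendor_a_rejects_other_id": not verify(mallory, "VENDOR-A", record_a),
        # A record lost at VENDOR-A does not validate against VENDOR-B's salt.
        "a_record_fails_under_b_salt": not verify(alice, "VENDOR-B", record_a),
        # After reissue the new ID no longer matches the old (possibly leaked) record.
        "old_record_dead_after_reissue": not verify(reissued, "VENDOR-A", record_a),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The slow hash matters only if the issued IDs are short; with short numeric IDs a leaked record can be brute-forced against the known vendor salt, which is why the sketch issues random 96-bit values.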