Re: SSN encryption

Unless I'm missing something fairly major, why not just use an HMAC
instead of all these complicated protocols people have proposed? Unless
they know the key to the HMAC, no number of known plaintext/hash pairs
will allow them to discover others. The HMAC result can be
shortened/formatted as appropriate, though the shorter it is, the
higher the probability of collision.

Alternately, just number sequentially, as someone else suggested.
Received on Sat Oct 15 04:37:55 2005