Protecting Privacy with Translucent Databases
Subject:   hmmm
Date:   2002-10-18 08:34:43
From:   anonymous2
Seems to me that a hash function would not have helped in the Yale versus Princeton case since both organizations had access to Name, SSN and Birthdate. It doesn't do any good to have a hashed password file on my computer if I tape a list of all my passwords to the side of the monitor or as indicated in the previous post a brute force approach is used. I do see that value in not having the raw data in the file itself but if I know or can guess the correct information and I get the result out that I wanted then the hashed inforamtion just confirmed that I had the right information to being with. Of course a password access system generally does things like lockout after three-attemps and logs attempts and unix can disallow remote logins and all so I am not saying that hash is a bad idea just that it can only be considered one element in an over all strategy.