Protecting Privacy with Translucent Databases
Subject:   Hash address comparisons
Date:   2002-08-12 10:26:59
From:   bazzargh
The article doesn't make 'secure sense' when it talks about querying hashed addresses. If these hashes used a user's password (e.g. of '22 Acacia Avenue/swordfish','22 Acacia Avenue/saggitarius'), the hashes would be unequal if they were the same address, and so useless for summary reports as described.

So, the address hashes must simply be of the bare address. This is extremely vulnerable to brute force attacks - based on a gazetteer in this case. Similar arguments apply to hashed SSNs because of their fixed format.

If this really was how the information was stored, it's only a short step to doing a reverse lookup on the electoral roll to identify the person involved. Doesn't sound too secure to me.
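
The trade-off raised in the comment above, as an added example that is not part of the original post or the article: password-mixed hashes of the same address no longer compare equal, while bare address hashes group correctly but every row can be matched against a public address list. The rows, the gazetteer, the function names and the choice of SHA-256 are all assumptions made for illustration.

```python
import hashlib
from collections import Counter

def h(value: str) -> str:
    """SHA-256 hex digest of a string (the hash function is an assumption)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

# Constructed sample rows: (user, address, password). Not real data.
ROWS = [
    ("alice", "22 Acacia Avenue", "swordfish"),
    ("bob", "22 Acacia Avenue", "saggitarius"),
    ("carol", "7 Elm Road", "hunter2"),
]

# Constructed stand-in for a public gazetteer of valid addresses.
GAZETTEER = ["1 Oak Lane", "7 Elm Road", "22 Acacia Avenue", "9 Mill Street"]

def stored_hashes(rows, with_password: bool):
    """Return the address column as it would be stored under each scheme."""
    out = []
    for _user, address, password in rows:
        material = f"{address}/{password}" if with_password else address
        out.append(h(material))
    return out

def household_sizes(hashes):
    """Summary report: how many rows share each stored hash, largest first."""
    return sorted(Counter(hashes).values(), reverse=True)

def gazetteer_exposure(hashes, gazetteer):
    """Audit: stored hashes that equal the hash of a publicly listed address."""
    known = {h(a): a for a in gazetteer}
    return {x: known[x] for x in hashes if x in known}

if __name__ == "__main__":
    for with_password in (True, False):
        col = stored_hashes(ROWS, with_password)
        label = "address/password" if with_password else "bare address"
        print(label)
        print("  rows per distinct hash:", household_sizes(col))
        print("  addresses recoverable from gazetteer:",
              sorted(gazetteer_exposure(col, GAZETTEER).values()))
```
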