
Social Security Numbers - Security Question


music_lp90


No. E-mail is not secure - even if the form and the action page are processed through an SSL - the email will still travel through a non-secure route. There are two ways around this:

  • database the information into a system the recipient can use (password protected of course) to retrieve it.
  • encrypt the contents of the e-mail and build a decryption tool for the recipient to use to expose the information.

I've done both. Obviously there is not much of a challenge with the first. If you do not have a need or do not have access to databasing the information, then encrypting is the best way. All you do is use your server side scripting language and encrypt the text. When your email is sent, it will be all garbled up. In the footer of the e-mail, remind the recipient that there is a tool [wherever you put it] that they will have to log into, copy-n-paste the text into, and reveal the encrypted content. I've got this written in ColdFusion should you want a copy of the application - it's pretty portable. Or, I can spec it out in a little more detail here if you need more clarification on how it works.


I wouldn't mind a copy of that :)
Are you familiar with coding in ColdFusion? If not, I'm not sure how valuable the code might be?

Thanks for the reply Skemcin. So, would it be a good idea for me to store the information in a database, but also run the social security numbers through a function like this:

<?php
function enc($a)
{
	$a = '1'.$a;
	$soc = $a * 4;
	$soc = $soc + 123054;
	$soc = $soc * 2;
	$soc = $soc + 7890005678;
	return $soc;
}
?>

That way if someone did hack into our database, the numbers would be distorted and they would have to figure out what we were running the numbers through. Of course I could add more calculations into that function to make it more complicated, I guess. I'm trying to combine both of your suggestions into one. Does it make sense to do that? Thanks!


It would be easy to crack that if someone had an original and the calculated value; you could just work backwards, since you know what the original is, to figure out the formula. It might take a while, but it could be done. There are cryptographic functions like mcrypt that you can use to encrypt and decrypt things. Those functions take a key that is used in the encryption and decryption; without knowing the key it's pretty difficult to decrypt something.

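The point made in the reply above, as an added example that is not code from any poster in this thread: the arithmetic in enc() is a straight line, so two known input/output pairs are enough to undo every stored value, while keyed authenticated encryption is not reversible without the key. mcrypt was removed from PHP core in 7.2, so this sketch uses the bundled libsodium functions instead; the helper names, the sample numbers (constructed, from a range that is not issued) and the key handling are assumptions, and a 64-bit PHP build is assumed.

```php
<?php
// The thread's enc(), same arithmetic. It reduces to y = 8*x + constant.
function enc($a) {
    $a = '1' . $a;
    return (($a * 4 + 123054) * 2) + 7890005678;
}

// Fit slope and offset from two known (number, stored value) pairs,
// without ever reading the source of enc().
function recover_map(array $p1, array $p2): array {
    [$x1, $y1] = $p1;
    [$x2, $y2] = $p2;
    $slope = intdiv($y2 - $y1, $x2 - $x1);
    return [$slope, $y1 - $slope * $x1];
}

// Invert any other stored value with the fitted line.
function undo(int $y, int $slope, int $offset): string {
    return str_pad((string) intdiv($y - $offset, $slope), 9, '0', STR_PAD_LEFT);
}

// Keyed authenticated encryption: a fresh random nonce per value, stored
// in front of the ciphertext. The key must live outside the database.
function encrypt_ssn(string $ssn, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($ssn, $nonce, $key));
}

function decrypt_ssn(string $stored, string $key): string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed ciphertext');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered ciphertext');
    }
    return $plain;
}

// Constructed sample values, not real numbers.
[$slope, $offset] = recover_map([900111222, enc('900111222')], [900333444, enc('900333444')]);
echo 'arithmetic undone from two pairs: ', undo(enc('000120034'), $slope, $offset), PHP_EOL;

$key = sodium_crypto_secretbox_keygen(); // assumption: in real use, loaded from outside the database
$stored = encrypt_ssn('000120034', $key);
echo 'stored value: ', $stored, PHP_EOL;
echo 'decrypted with key: ', decrypt_ssn($stored, $key), PHP_EOL;
```

Adding more arithmetic steps to enc() does not change the outcome as long as the result stays a fixed, keyless formula; the encrypted values are only as safe as the key, so it should not sit in the same database as the ciphertext.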

Archived

This topic is now archived and is closed to further replies.
