
The Danger of Algorithms

By Steve Jones,

This editorial was originally published on July 27, 2009. It is being re-run as Steve is out on vacation.

A report that came out recently shows how Social Security numbers, an important piece of identity information in the US, can be predicted. This, according to this C|Net article, could result in massive fraud taking place if someone's birthday is disclosed.

So many sites want to get this piece of information from you, often to ping you on your birthday or give you some gift. I've always been wary, however, and usually put in April 1 instead of my real birthday. It makes for lots of birthday wishes on that day, but that's OK. I appreciate the thoughts, even if they are a few months off.

This does highlight the danger of using an algorithm to generate data. Unfortunately, there are plenty of people out there who will maliciously find ways to misuse data, and if they can guess how you generated the data, they can extrapolate from that to calculate what other data might exist in your system. I know most people who need to generate codes often don't spend a lot of time ensuring they've picked a good method from a security point of view.

The key here is to keep pieces of information somehow separate, to make it more difficult for a criminal of some sort to perform the extrapolation. That gets harder and harder to do, primarily because of the job many of us do. We gather data into SQL Server and other platforms, and make it easy to put this data together.

As with many of the problems I see in today's world, I don't have a perfect solution to this problem. However, I think that many of us handle data insecurely, often comparing actual values when a hash or digital signature might work instead. I know some of that is because we don't have great tools for working with digital signatures, but also because it's a complex process.
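As an added illustration of matching on a hash instead of the actual value (this is not code from the editorial or from SQLServerCentral), the sketch below stores only a keyed hash of an identifier and verifies a claimed value against it. The names `PEPPER`, `fingerprint`, `matches` and `verify_customer`, and the sample record, are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Assumption: in production this key is held in a key vault or HSM, outside the
# database; a random key is generated here only so the example runs offline.
PEPPER = secrets.token_bytes(32)


def normalize(identifier: str) -> bytes:
    """Reduce an identifier to its digits so '000-12-3456' and '000123456' match."""
    return "".join(ch for ch in identifier if ch.isdigit()).encode("ascii")


def fingerprint(identifier: str, key: bytes = PEPPER) -> str:
    """Keyed hash (HMAC-SHA-256) stored in place of the identifier itself.

    The hash is keyed because a 9-digit identifier has a small value space:
    an unkeyed SHA-256 of it could be enumerated by anyone holding the table.
    """
    return hmac.new(key, normalize(identifier), hashlib.sha256).hexdigest()


def matches(claimed: str, stored_fingerprint: str, key: bytes = PEPPER) -> bool:
    """Compare a claimed identifier with the stored fingerprint in constant time."""
    return hmac.compare_digest(fingerprint(claimed, key), stored_fingerprint)


# Constructed sample record; the 000 area prefix is never issued for real numbers.
CUSTOMERS = {"cust-1001": fingerprint("000-12-3456")}


def verify_customer(customer_id: str, claimed: str) -> bool:
    """Return True only when the claimed identifier matches the stored fingerprint."""
    stored = CUSTOMERS.get(customer_id)
    return stored is not None and matches(claimed, stored)


if __name__ == "__main__":
    print(verify_customer("cust-1001", "000123456"))    # same digits, other format
    print(verify_customer("cust-1001", "000-12-3457"))  # one digit off
```

The table never holds the identifier, so a copy of the table alone does not reveal it, and the comparison still works for anyone who presents the real value.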

Credit card companies, banks, and other institutions often have complex rules for how they handle and process data. I think more of their secure methods of handling data should be published and taught so that other companies can better learn how to build more secure applications.

Steve Jones


The Voice of the DBA Podcasts

Everyday Jones

The podcast feeds are available at sqlservercentral.mevio.com. Comments are definitely appreciated and wanted, and you can get feeds from there.

Today's podcast features music by Everyday Jones. No relation, but I stumbled on to them and really like the music. Support this great duo at www.everydayjones.com.

I really appreciate and value feedback on the podcasts. Let us know what you like, don't like, or even send in ideas for the show. If you'd like to comment, post something here. The boss will be sure to read it.
