I have a project that needs to perform a check on the interface for the US Social Security Number (format ddd-dd-dddd). One suggestion would be to use a hash algorithm, but using a tiny character set ( [0-9]) would be a disaster. It would be acceptable to verify with some probability that the number is correct and allow the backend to perform a final check ==, but I need to do much better than "has nine digits", etc. Etc.
In my search for the best alternatives, I came up with verification checksums for ISBN and UPC . They look like a great alternative with a high probability of success at the front.
Given these limitations, I have three questions:
- Is there a way to prove that an algorithm such as ISBN13 will work with another category of data, such as SSN, or is it more or less consistent with the goal in terms of security? The checksum seems reasonable for my rather large sample of one real SSN, but I would really like to know that for some reason they are not applicable for any reason.
- Is this a solvable problem somewhere, so that I can simply use a pre-existing verification scheme to solve this problem?
- Are there any such algorithms that could also easily include checking the last four digits of an SSN without leaving too much additional information?
Thanks, as always, Joe
UPDATE:
, . SSN , , . , ( ), . , , - .
MD5/SHA1 , , SSN . (, 11) , . , , .