Comment by cmeacham98

3 years ago

Unless you are very young (read: born after 2011) your SSN can be trivially brute forced if an attacker knows where and when you were born, because those details were (before 2011) mapped onto 5 of the 9 digits in an SSN.

You should assume your SSN is public anyway. There have been so many leaks, and it's not like a credit card where you get a new number if it is compromised.

  • Because it was intended as an identifier, not as a secret. The financial industry couldn't tell the difference between the two so now everyone tries to hide their IDs.

More accurately where you were born and when your SSN was issued (my brothers who are four years older than me got their SSNs at the same time I did). Some of us older folks were born in an era in which you didn't automatically get an SSN along with the birth certificate. And then there are people who weren't born in the US so will have had their SSN not matching birth year.

I also think it's less than 5 of the 9 digits that are reflected in this manner. That would not leave room for a lot of distinction in SSNs.

Hate to break it to you but that’s 21 year olds now :)

[edit: so I program for a living. you'd think I know how to subtract two integers??? I /assume/ I read 2001? at least I hope I did]