Comment by ses1984

9 months ago

All the salts * all the SSNs is a very large set, but it’s irrelevant because in the above scenario each SSN has a public, well-known salt; you don’t have to test each salt against each possible SSN because the mapping from one to the other is known.

Even if such a service doesn’t exist, and you just have a list of all the salts without knowing which SSN they map to, you’re just hand-waving how hard it will be to hash the entire salt*SSN set.

Hashing a salt+SSN can’t take too too long because data brokers need to be doing it frequently in order to verify identities.

In this report, https://files.consumerfinance.gov/f/documents/cfpb_consumer-..., it says monthly volume of credit card marketing mail is in the hundreds of millions per month. Can we assume that each piece of mail is roughly associated with one instance of hashing a salt+SSN? Given that number, how expensive (in terms of time, compute cycles, whatever) can it possibly be to hash a salt+SSN? If we make it too expensive, expensive enough to support your “age of the universe” claims, credit markets would grind to a halt.
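The throughput argument in the comment above, worked through as a cost model (an added example, not part of the original comment). The monthly volume of 100 million, the 1,000-core verifier fleet, and the use of PBKDF2-HMAC-SHA256 as the salted hash are assumptions chosen for illustration.

```python
import hashlib
import os
import time

SSN_SPACE = 10**9                     # nine decimal digits: upper bound on SSNs
SECONDS_PER_MONTH = 30 * 24 * 3600

def max_hash_seconds(hashes_per_month, verifier_cores):
    """Slowest per-hash cost the verifying side can sustain at its volume."""
    return verifier_cores * SECONDS_PER_MONTH / hashes_per_month

def enumeration_seconds(per_hash_s, cores, salts_to_try=1):
    """Worst-case wall time to hash every SSN under `salts_to_try` salts.

    salts_to_try=1 models the known salt-to-SSN mapping; a larger value
    models holding a list of salts without knowing which SSN each belongs to.
    """
    return SSN_SPACE * salts_to_try * per_hash_s / cores

def measured_pbkdf2_seconds(iterations, samples=3):
    """Best-of-N timing of one PBKDF2-HMAC-SHA256 over a constructed value."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"000000000", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

if __name__ == "__main__":
    volume = 100_000_000              # assumed: low end of "hundreds of millions"
    cores = 1_000                     # assumed verifier fleet size
    ceiling = max_hash_seconds(volume, cores)
    print(f"per-hash ceiling for the verifier: {ceiling:.2f} s")
    months = enumeration_seconds(ceiling, cores) / SECONDS_PER_MONTH
    print(f"whole SSN space at that cost, same core count: {months:.0f} months")
    t = measured_pbkdf2_seconds(100_000)
    print(f"PBKDF2 at 100k iterations here: {t * 1000:.1f} ms")
```

With equal core counts the fleet size cancels out: enumerating the space takes `SSN_SPACE / hashes_per_month` months, so the work factor cannot be raised far enough to protect a nine-digit input without also stopping the legitimate verifications.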