Risks of Not Understanding a One-Way Function
New York City officials anonymized license plate data by hashing the individual plate numbers with MD5. (I know, they shouldn’t have used MD5, but ignore that for a moment.) Because they didn’t attach long random strings to the plate numbers—i.e., salt—it was trivially easy to hash all valid license plate numbers and deanonymize all the data.
Of course, this technique is not news.
Hanno • June 25, 2014 7:05 AM
I don’t know exactly how US license plates look like, but I assume the number of variations is quite limited (let’s say in the thousands). Then even salting the hash wouldn’t have helped a lot – it would have slowed down the attack, but it’d still probably be feasible on any normal computer.