Risks of Not Understanding a One-Way Function
New York City officials anonymized license plate data by hashing the individual plate numbers with MD5. (I know, they shouldn’t have used MD5, but ignore that for a moment.) Because they didn’t attach long random strings to the plate numbers — i.e., salt — it was trivially easy to hash all valid license plate numbers and deanonymize all the data.
Of course, this technique is not news.
Hanno • June 25, 2014 7:05 AM
I don’t know exactly how US license plates look like, but I assume the number of variations is quite limited (let’s say in the thousands). Then even salting the hash wouldn’t have helped a lot – it would have slowed down the attack, but it’d still probably be feasible on any normal computer.