Yet Equifax continues to evade giving details on the attack. That itself is damning evidence they weren't doing everything they should have been to protect their servers and data.
Exactly. You can't have perfect trust in every citizen to keep track of these things. And if it's a government issued ID in the first place, I see no trouble with them having your private key as well. Just don't reuse that key.
This would take a lot of solid investment politically, and technically, to make it even slightly feasible to work for the average Joe.
or a digital signature, or a MAC. Something where we could verify against a publicly-known value safely, and without giving that secret part away to anyone else. The secret would be between the Federal Government and the citizen.
I suppose the information is hidden to prevent gaming the system. As someone mentioned in another thread, they took out a loan for $1000, sat on it and just paid it off. Credit score goes up with zero risk for just the cost of interest. If the algorithm were exposed, it would be easier to game.
If you're just hashing with SHA2 and a salt, an attacker with a run-of-the-mill GPU could crack any given hashing quite quickly. It might still take quite a bit of time to get all 143 million, but that's fine. Sell off the score in blocks of 10,000 and let the customer know they have to reverse the hashes themselves.
Right, which is where I think the actual return value ought to be "undefined" or something. Or an error. But I'm clearly in the minority on my thoughts of the js type system.
But then again, you can avoid having to make intertype comparisons in the first place by following reasonable guidelines. As funny as this case is, I can't imagine how I'd run into it in practice.
Bankruptcy is the strange other side of the US debt system. In this case, it would be an unfair get out of jail free card, a shirking of responsibility.