Storing Social Security Numbers

Question

The HR department at the company that I am currently working for has requested that I provide a system for storing employee social security numbers in our company database. The

Answer 1

Well, you haven't given any information on what you are going to do with these numbers. If you ever need to retrieve an SSN, then basically there's almost no point in doing anything with this - store it in clear. Any form of encryption where you have the ciphertext and key in the same place is going to only slow down an attacker a little. This only matters to attackers who can't take huge amounts of data, or who can't just take your whole computer, or who are not competent to join the dots. If you are dealing with the latter case, actual access control in the first place is rather more important.

If, however, you get an SSN externally and want to find out whose account that is, you could use a one-way hash to do that.