Harald Nesland

Finally the fact that the “cryptography” used in Brønnøysundregistrene has been broken has been made public. Digi.no has an article about it in Norwegian. The first time I came across this “cryptography” was a couple of years ago. Strange no-one else talked about it before now.

Anyway, the data being obfuscated is the national identity numbers for owners and contact persons in companies. There is no reason for that data being available, it has no use and is most likely a technical mishap :-)

UPDATE: I just got a call from some people at Brønnøysundregistrene, they asked me to remove this disclosure paragraph. So well, it’s gone. Sorry.

We came across this obfuscation when we were porting the database from Brønnøysund to another database system (MS Access doesn’t really scale, contrary to common belief..). Most fields were obfuscated, and the software for reading the database is useless :-)

They should have used Blowfish instead. That would at least take one Morris O’Brian to crack! Because Bruce Schneier has a backdoor in the encryption algorithm!