Luhn algorithm issues

Question

I decided to use the Luhn alghorithm to validate some swedish social security numbers. By writing the function myself i got this to work as planned, although there are some issues. With my code and the others i've tried i've found out that it still validates easy combinations for example like 2222222222 and 4444444444 as valid.

Those two examples as easily avoided, but then it got me wondering about the rest of the combinations that are fake but still validates true by using the algorithm.

Is it me, and those examples that i've looked at, that has done something wrong with the code or is this a known error with the algorithm? If so, how can i solve that or is there some other more suitable approach?

Answer 1

The Luhn algorithm isn't meant to validate whether a SSN number is valid. Only that it is in a valid format. It helps to catch incorrectly entered numbers and make a hacker's/spammer's attempts to break your system more difficult. It isn't meant to stop incorrect numbers from being entered.

This algorithm is also used for credit card numbers in the US. But test card numbers like 4111111111111111 will pass just fine. It is very helpful in catching bad numbers before you attempt to make a payment which incurs a cost every time you do even if it isn't successful. But to ultimately know if a credit card number is good you need to actually charge against it.

Answer 2

Theoretically, those are valid numbers - the Luhn algorithm is a checksum for people entering numbers wrong, not for telling whether they've made them up.

For instance, one of the standard test credit cards used in payment gateways (in the UK) is 4444333322221111, which happens to be a valid Visa card number. Since the card isn't assigned to anyone, attempting to actually pay with it would fail, but that has nothing to do with check digits, and everything to do with the meaning behind the digits.