Can name and date of birth be hashed somehow to generate a secure identifier?
If you don't trust the third-party providing the opportunity to access the internet at the login stage, you should not trust at any stage. They can save any data entered, including data related to facial recognition. Also they can store any data that you users receive from your server. The risk of such misuse is high, because such data cost money.
Brute-forcing of NAME + SCRAMBLED_DOB + SALT is trivial, because the number of births dates is very small. To represent all possible birth dates in the last 100 years only 15 bits are needed. If you have 1 000 000 people in your database, this would mean just 20 bit. This is 35 bits in total. This means, your database can be easily brute-forced. You can slow it down by using Argon2 or similar instead of SHA256. But it will be still too easy to brute-force. The reason is, that possible secrets are not random, they are very easy to guess.
In case somebody is interested in decrypting data of particular person, it is even more simple. Such decryption can be done immediately, without any brute-forcing.
Your words until a hash contained in the database is found mean that you are going to store hashes in your database. This makes brute-forcing even easier. An attacker doesn't even need to search through different births dates, through names. Instead, the attacker will just take hashes that you store and will just iterate them and will easily find what hashes to what encrypted data are used.
What should you care about? There are many points. Here are some:
- Make sure that connection from user to your system is secure. If it is not secure, soon or later there will be people or companies, that misuse that and will collect data about your users. You will cheat users if your will not explain that to them. Also requesting some kinds of information via insecure channels can be a legal problem even in many developing countries.
- Any measures like encrypting data in your database make little sense if communication channel is not secure.
- Establish reliable authentication. Many people in developing countries have mobile phones. That's why besides passwords consider sending one-time password per SMS.
Start with a QR-code printed on a plastic chip, containing a 256 bit number. From the QR code, name and date of birth you calculate a hash code in such a way that the QR-code is identifiable. And that is the key.
To log in, the user needs the chip, name and date of birth. Without the chip it is unhackable. If your husband/wife/child steals the chip, game over. If you lose the chip and a hacker finds it, they can try to guess name and DoB, but since the QR code is identifiable, they are locked out quickly.
If you lose the chip either access is permanently lost, or something needs to be set up so the person can take their passport or other real world Id to a trusted party to get a new chip. With obvious risks.
I’m sure someone will rip holes into this :-(