Try reporting your employee's hashed SSN to the IRS ... won't work.
Same with using a hashed credit card number to bill your customer.
You need to be able to decrypt those values.
On Sat, Feb 7, 2009 at 1:50 PM, Dov Rosenberg <drosenber..nquira.com> wrote:
> One of our customers who is big into security had a pretty good idea. Their
> concern was that if the sensitive data could be decrypted it was vulnerable
> and considered a security risk. They proposed using a one way encryption
> algorithm and then only comparing the hash values of the sensitive data -
> not the actual data itself. I am not certain which algorithm they were
> talking about.
>
> Dov Rosenberg
This archive was generated by hypermail 2.0.0 : Sat Feb 07 2009 - 16:27:26 EST