On 1/14/24 01:07, Phil Smith III wrote:
> Paul Gilmartin asked:
>> What about Format preserving encryption?
> Format-Preserving Encryption is for structured data, i.e., specific fields. You
> would not use it on a binary blob; at that point, you'd use XTS or one of the
> other AES modes whose output is the same length as the input.

FPE is brilliant. But like everything else, it's not a be-all and
end-all. Phil nails it: not so great for binary blobs.
I *strongly* recommend FPE for the most sensitive information when it's
in a structured form. (Such as credit card numbers coming from the
reader to the POS terminal.) The value of FPE is that you can actually
*use* the info WHILE IT IS ENCRYPTED. This is available *now* and is
significantly easier than homomorphic encryption.
More vendors should offer FPE. The best we get from most vendors is
tokenization, but that doesn't scale well.
-- R; <><
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
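
An added illustration of the format-preserving property discussed in this thread (not code from any poster or vendor): a toy decimal Feistel cipher in Python whose ciphertext is still a digit string of the same length, so it fits the original field and equal inputs still match. It uses HMAC-SHA256 as the round function in place of the AES-based construction in NIST FF1; the key, tweak, 6-digit minimum and sample numbers are assumptions made for this sketch.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so both halves end at the lengths they started with


def _round_value(key: bytes, tweak: bytes, i: int, half: str, m: int) -> int:
    """Keyed pseudo-random number in [0, 10**m) derived from the other half."""
    msg = f"{i}|{m}|{half}|".encode() + tweak
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % 10**m


def _halves(digits: str):
    # Sketch-only rule: ASCII digits, and a domain too large to enumerate trivially.
    if not (digits.isascii() and digits.isdigit()) or len(digits) < 6:
        raise ValueError("expected a string of at least 6 decimal digits")
    u = len(digits) // 2
    return u, len(digits) - u


def fpe_encrypt(key: bytes, digits: str, tweak: bytes = b"") -> str:
    """Map an n-digit string to another n-digit string under key and tweak."""
    u, v = _halves(digits)
    a, b = digits[:u], digits[u:]
    for i in range(ROUNDS):
        m = u if i % 2 == 0 else v  # width of the half being replaced
        c = (int(a) + _round_value(key, tweak, i, b, m)) % 10**m
        a, b = b, str(c).zfill(m)
    return a + b


def fpe_decrypt(key: bytes, digits: str, tweak: bytes = b"") -> str:
    """Inverse of fpe_encrypt: run the rounds backwards, subtracting."""
    u, v = _halves(digits)
    a, b = digits[:u], digits[u:]
    for i in reversed(range(ROUNDS)):
        m = u if i % 2 == 0 else v
        c = (int(b) - _round_value(key, tweak, i, a, m)) % 10**m
        a, b = str(c).zfill(m), a
    return a + b


if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-one"  # constructed sample key
    pan = "4111111111111111"                      # constructed test card number
    ct = fpe_encrypt(key, pan, tweak=b"merchant-42")
    print("ciphertext:", ct, "(still 16 digits)")
    print("decrypted: ", fpe_decrypt(key, ct, tweak=b"merchant-42"))
```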