Try reporting your employee's hashed SSN to the IRS ... won't work. Same with using a hashed credit card number to bill your customer. You need to be able to decrypt those values.
On Sat, Feb 7, 2009 at 1:50 PM, Dov Rosenberg <[email protected]> wrote: > One of our customers who is big into security had a pretty good idea. Their > concern was that if the sensitive data could be decrypted it was vulnerable > and considered a security risk. They proposed using a one way encryption > algorithm and then only comparing the hash values of the sensitive data - > not the actual data itself. I am not certain which algorithm they were > talking about. > > Dov Rosenberg
