Re: Salting with hash data

HappyCat <noemail> kirjoitti 28.02.2008:

Yes, this is card number data being protected.

There would be around 50-100k log entries monthly, and 6 months of
historical logs kept. On an average month there would be a dozen or so
queries on the data which are mainly used for debugging or analysis.

Hmm... a lot depends on exactly what information might be required for
that "debugging and analysis". I'm afraid there may not be a single
easy solution -- there's not much one can do about the fact that an
adversary who has access to your log can just try out all card numbers
by brute force -- but there might be various measures you could take
to limit the risk.

For example, would it be practical to encrypt the numbers by a random
secret key, and switch the key (without recording the previous one)
every once in a while (say, monthly)? The old data could still be
used for debugging (e.g. to check that two purchases made during the
same month were made with the same card) but would be pretty useless
to an attacker once the key was permanently lost.

Also, can you tolerate a certain amount of false positives or
negatives in your data? For statistical purposes you probably could,
in which case you might be able to use a short hash and add so much
chaff to the database that brute forcing becomes pretty impractical
(since a significant faction of all possible card numbers would yield
false positives).

One measure you could always take to deter brute force guessing would
be to make your hash function slow: if you expect your peak logging
volume to be, say, 10 transactions a minute, choose a hash function
that takes up to 5 seconds to compute on your (presumably fairly fast)
server. One way to accomplish this would be to hash N repetitions of
the card number, where N is some sufficiently huge value; you should
be able to do this without consuming excessive memory, since most hash
implementations should allow you to feed in the string to be hashed in
pieces (and nothing says you can't just pass in the same piece over
and over). Of course, this will not stop an attacker with enough time
and computing power; but even slowing them down, say, ten-million-fold
might still be worthwhile.

--
Ilmari Karonen
To reply by e-mail, please replace ".invalid" with ".net" in address.
.

Relevant Pages

  • Re: Pin generation algorithm question
    ... Generate a long secret key at random. ... be unique to each particular batch of cards. ... Calculate the pin for the card. ... Hash function like SHA-1. ...
    (sci.crypt)
  • Re: Pin generation algorithm question
    ... >> be unique to each particular batch of cards. ... >> Calculate the pin for the card. ... > card contains both the serial number and its hash. ...
    (sci.crypt)
  • Re: Pin generation algorithm question
    ... > Generate a long secret key at random. ... > be unique to each particular batch of cards. ... > number concatenated with the card serial number and put that through a CS ... Convert the hash output to decimal and use those ...
    (sci.crypt)
  • Re: Nokia c110 driver
    ... | Hash: SHA1 ... | need the card for another week or so and if I don't get this one to work ... send the line "unsubscribe linux-kernel" in ...
    (Linux-Kernel)
  • Salting with hash data
    ... later point I can use the same hashing algorithm to check if a card number ... is in the log file. ... My current thought is to salt the hash with data derived from the card ...
    (sci.crypt)