You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current approach is strong for PII and similar use cases, but isn't so strong protecting more wordy private information that consists of words that may already be known. For example, if an attacker already has access to some plain text, they could determine the mangled word equivalents for those words and thus find other combinations of them in other places in the mangled text.
A simple hardening against this would be to include several of the previous words in the hash for the current word, meaning that the attacker could only find other strings of those exact same words (and only the final words of that string).
The text was updated successfully, but these errors were encountered:
The current approach is strong for PII and similar use cases, but isn't so strong protecting more wordy private information that consists of words that may already be known. For example, if an attacker already has access to some plain text, they could determine the mangled word equivalents for those words and thus find other combinations of them in other places in the mangled text.
A simple hardening against this would be to include several of the previous words in the hash for the current word, meaning that the attacker could only find other strings of those exact same words (and only the final words of that string).
The text was updated successfully, but these errors were encountered: