|
|
|
|
|
|
by FreakLegion
1685 days ago
|
|
|
> - either a unique key would be stored in the database for each user similar to a salt (vulnerable to DB dump) Sort of. A financial institution will invariably encrypt with AES-256, so the unique value would be a 256-bit initialization vector, or IV. Usually that's fancy talk for "one-time pad XOR'd against the first block of plaintext before encrypting", but it depends on the cipher mode. > is there a method which would secure SSN's against someone who has the access levels necessary to pull off the three above attacks? Yes, for example AES with an IV (among many others). The IV isn't secret and revealing it to an attacker doesn't compromise the encryption at all. |
|
|