[Cryptography] New NIST standard for Format Preserving Encryption
Perry E. Metzger
perry at piermont.com
Wed Mar 30 15:02:44 EDT 2016
Quoting:
Format-preserving encryption (FPE) is designed for data that is not
necessarily binary. In particular, given any finite set of symbols,
like the decimal numerals, a method for FPE transforms data that is
formatted as a sequence of the symbols in such a way that the
encrypted form of the data has the same format, including the length,
as the original data. Thus, an FPE encrypted SSN would be a sequence
of nine decimal digits.
FPE facilitates the targeting of encryption
to sensitive information, as well as the retrofitting of encryption
technology to legacy applications, where a conventional encryption
mode might not be feasible. For example, database applications may
not support changes to the length or format of data fields. FPE has
emerged as a useful cryptographic tool, whose applications include
financial-information security, data sanitization , and the
transparent encryption of fields in legacy databases.
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38G.pdf
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list