* Thom Brown (t...@linux.com) wrote: > On 10 October 2014 12:45, Stephen Frost <sfr...@snowman.net> wrote: > >> There's a difference between intending that there shouldn't be a way > >> past security and just making access a matter of walking a longer > >> route. > > > > Throwing random 16-digit numbers and associated information at a credit > > card processor could be viewed as "walking a longer route" too. The > > same goes for random key searches or password guesses. > > But those would need to be exhaustive, and in nearly all cases, > impractical.
That would be exactly the idea with this- we make it impractical to get
at the unredacted information.
> Data such as plain credit card numbers stored in a
> column, even with all its data masked, would be easy to determine.
I'm not as convinced of that as you are.. Though I'll point out that in
the use-cases which I've been talking to users about, it isn't credit
cards under discussion.
> Salted and hashed passwords, even with complete visibility of the
> value, isn't vulnerable to scrutiny of particular character values.
> If it were, no-one would use it.
I wasn't suggesting otherwise, but I don't see it as particularly
relevant to the discussion regardless.
Thanks,
Stephen
signature.asc
Description: Digital signature
