Encryption of user name
I need to encrypt user names that i receive from an external partners SSO. This needs to be done because the user names are assigned to school children. But we still need to be able to track each individual to prevent abuse of our systems, so we have decided to encrypt the user names in our logs etc.
This way, a breach of our systems will not compromise the identity of the children.
Heres my predicament. I have very limited knowledge in this area, so i am looking for advice on which algorithm to use.
I was thinking of using an asymmetrical algorithm, like PGP, and throwing away one of the keys so that we will not be able to decrypt the user name.
My questions:
- Does PGP encryption always provide the same output given the same input?
- Is PGP a good choice for this, or should we use an other algorithm?
- Does anyone have a better suggestion for achieving the same thing - anonymization of the user
encryption
asked Nov 28 '18 at 13:01
Morten ToudahlMorten Toudahl
130112
add a comment |
I need to encrypt user names that i receive from an external partners SSO. This needs to be done because the user names are assigned to school children. But we still need to be able to track each individual to prevent abuse of our systems, so we have decided to encrypt the user names in our logs etc.
This way, a breach of our systems will not compromise the identity of the children.
Heres my predicament. I have very limited knowledge in this area, so i am looking for advice on which algorithm to use.
I was thinking of using an asymmetrical algorithm, like PGP, and throwing away one of the keys so that we will not be able to decrypt the user name.
My questions:
- Does PGP encryption always provide the same output given the same input?
- Is PGP a good choice for this, or should we use an other algorithm?
- Does anyone have a better suggestion for achieving the same thing - anonymization of the user
encryption
asked Nov 28 '18 at 13:01
Morten ToudahlMorten Toudahl
130112
are going to just store or you want to process with queries? You should also tell more about your system. Who connects how, etc.
– kelalaka
Nov 28 '18 at 15:34
I do not wish to go into too much details. But we create a user in our system, so we can associate various usage logs with an internally created user ID, which are then primarily used to prevent abuse but also charge out customers for our services.
– Morten Toudahl
Nov 29 '18 at 11:39
add a comment |
I need to encrypt user names that i receive from an external partners SSO. This needs to be done because the user names are assigned to school children. But we still need to be able to track each individual to prevent abuse of our systems, so we have decided to encrypt the user names in our logs etc.
This way, a breach of our systems will not compromise the identity of the children.
Heres my predicament. I have very limited knowledge in this area, so i am looking for advice on which algorithm to use.
I was thinking of using an asymmetrical algorithm, like PGP, and throwing away one of the keys so that we will not be able to decrypt the user name.
My questions:
- Does PGP encryption always provide the same output given the same input?
- Is PGP a good choice for this, or should we use an other algorithm?
- Does anyone have a better suggestion for achieving the same thing - anonymization of the user
encryption
asked Nov 28 '18 at 13:01
Morten ToudahlMorten Toudahl
130112
I need to encrypt user names that i receive from an external partners SSO. This needs to be done because the user names are assigned to school children. But we still need to be able to track each individual to prevent abuse of our systems, so we have decided to encrypt the user names in our logs etc.
This way, a breach of our systems will not compromise the identity of the children.
Heres my predicament. I have very limited knowledge in this area, so i am looking for advice on which algorithm to use.
I was thinking of using an asymmetrical algorithm, like PGP, and throwing away one of the keys so that we will not be able to decrypt the user name.
My questions:
- Does PGP encryption always provide the same output given the same input?
- Is PGP a good choice for this, or should we use an other algorithm?
- Does anyone have a better suggestion for achieving the same thing - anonymization of the user
encryption
encryption
asked Nov 28 '18 at 13:01
Morten ToudahlMorten Toudahl
130112
asked Nov 28 '18 at 13:01
Morten ToudahlMorten Toudahl
130112
asked Nov 28 '18 at 13:01
Morten ToudahlMorten Toudahl
130112
asked Nov 28 '18 at 13:01
Morten ToudahlMorten Toudahl
130112
asked Nov 28 '18 at 13:01
Morten ToudahlMorten Toudahl
130112
130112
are going to just store or you want to process with queries? You should also tell more about your system. Who connects how, etc.
– kelalaka
Nov 28 '18 at 15:34
I do not wish to go into too much details. But we create a user in our system, so we can associate various usage logs with an internally created user ID, which are then primarily used to prevent abuse but also charge out customers for our services.
– Morten Toudahl
Nov 29 '18 at 11:39
add a comment |
are going to just store or you want to process with queries? You should also tell more about your system. Who connects how, etc.
– kelalaka
Nov 28 '18 at 15:34
I do not wish to go into too much details. But we create a user in our system, so we can associate various usage logs with an internally created user ID, which are then primarily used to prevent abuse but also charge out customers for our services.
– Morten Toudahl
Nov 29 '18 at 11:39
are going to just store or you want to process with queries? You should also tell more about your system. Who connects how, etc.
– kelalaka
Nov 28 '18 at 15:34
are going to just store or you want to process with queries? You should also tell more about your system. Who connects how, etc.
– kelalaka
Nov 28 '18 at 15:34
I do not wish to go into too much details. But we create a user in our system, so we can associate various usage logs with an internally created user ID, which are then primarily used to prevent abuse but also charge out customers for our services.
– Morten Toudahl
Nov 29 '18 at 11:39
I do not wish to go into too much details. But we create a user in our system, so we can associate various usage logs with an internally created user ID, which are then primarily used to prevent abuse but also charge out customers for our services.
– Morten Toudahl
Nov 29 '18 at 11:39
add a comment |
2 Answers
2
active
oldest
votes
If you want a one-way function, you don't want encryption. You want hashing. The easiest thing to do is to use a hash like SHA-256. I recommend salting the username before hashing. In this case, I would probably pick a static salt like edu.myschoolname: and put that in front of the username. Then run that through SHA-256. Convert the result to Base-64 or hex encoding, and use the resulting string as the "username."
From a unix command line, this would look like:
$ echo -n "edu.myschoolname:robnapier@myschoolname.edu" | shasum -a 256
09356cf6df6aea20717a346668a1aad986966b192ff2d54244802ecc78f964e3 -
That output is unique to that input string (technically it's not "unique" but you will never find a collision, by accident or by searching). And that output is stable, in that it will always be the same for the given input. (I believe that PGP includes some randomization; if it doesn't, it should.)
(Regarding comments below)
Cryptographic hash algorithms are extremely secure for their purposes. Non-cryptographic hash algorithms are not secure (but also aren't meant to be). There are no major attacks I know of against SHA-2 (which includes SHA-256 and SHA-512).
You're correct that your system needs to be robust against someone with access to the code. If they know what userid they're looking for, however, no system will be resistant to them discovering the masked version of that id. If you encrypt, an attacker with access to the key can just encrypt the value themselves to figure out what it is.
But if you're protecting against the reverse: preventing attackers from determining the id when they do not already know the id they're looking for, the correct solution is a cryptographic hash, specifically SHA-256 or SHA-512. Using PGP to create a one-way function is using a cryptographic primitive for something it is not built to do, and that's always a mistake. If you want a one-way function, you want a hash.
answered Nov 28 '18 at 13:33
Rob NapierRob Napier
205k28303431
Thank you for the answer. As i said, i have limited knowledge in this area, but i was under the impression that hashing is not very secure. We do not want a person with access to source code (e.g. a hacker) to be able to undo the encryption/hashing of the user names. Which is why i thought about using an assymetrical encryption algorithm without saving both keys.
– Morten Toudahl
Nov 29 '18 at 11:45
add a comment |
I think that PGP is a good Idea, but risk to make usernames hard to memorize, why not simply make a list of usernames composed with user + OrderedNumbers where user can be wichever word you want and oredered number is a 4-5 digit number ordered by birth date of childrens?
Once you have done this you only have to keep a list where the usernames are linked wit the corresponding child abd then you can encript this "nice to have" list with a key only you know.
answered Nov 28 '18 at 13:22
Leonardo SilvagniLeonardo Silvagni
1337
The people logging into our systems, in this way, are going to use the SSO solution provided by our external partner, and thus will never use/know the usernames that we store in our database. But we still need to be able to accociate logs with the same unique user each time
– Morten Toudahl
Nov 29 '18 at 11:41
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53520080%2fencryption-of-user-name%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
If you want a one-way function, you don't want encryption. You want hashing. The easiest thing to do is to use a hash like SHA-256. I recommend salting the username before hashing. In this case, I would probably pick a static salt like edu.myschoolname: and put that in front of the username. Then run that through SHA-256. Convert the result to Base-64 or hex encoding, and use the resulting string as the "username."
From a unix command line, this would look like:
$ echo -n "edu.myschoolname:robnapier@myschoolname.edu" | shasum -a 256
09356cf6df6aea20717a346668a1aad986966b192ff2d54244802ecc78f964e3 -
That output is unique to that input string (technically it's not "unique" but you will never find a collision, by accident or by searching). And that output is stable, in that it will always be the same for the given input. (I believe that PGP includes some randomization; if it doesn't, it should.)
(Regarding comments below)
Cryptographic hash algorithms are extremely secure for their purposes. Non-cryptographic hash algorithms are not secure (but also aren't meant to be). There are no major attacks I know of against SHA-2 (which includes SHA-256 and SHA-512).
You're correct that your system needs to be robust against someone with access to the code. If they know what userid they're looking for, however, no system will be resistant to them discovering the masked version of that id. If you encrypt, an attacker with access to the key can just encrypt the value themselves to figure out what it is.
But if you're protecting against the reverse: preventing attackers from determining the id when they do not already know the id they're looking for, the correct solution is a cryptographic hash, specifically SHA-256 or SHA-512. Using PGP to create a one-way function is using a cryptographic primitive for something it is not built to do, and that's always a mistake. If you want a one-way function, you want a hash.
answered Nov 28 '18 at 13:33
Rob NapierRob Napier
205k28303431
Thank you for the answer. As i said, i have limited knowledge in this area, but i was under the impression that hashing is not very secure. We do not want a person with access to source code (e.g. a hacker) to be able to undo the encryption/hashing of the user names. Which is why i thought about using an assymetrical encryption algorithm without saving both keys.
– Morten Toudahl
Nov 29 '18 at 11:45
add a comment |
If you want a one-way function, you don't want encryption. You want hashing. The easiest thing to do is to use a hash like SHA-256. I recommend salting the username before hashing. In this case, I would probably pick a static salt like edu.myschoolname: and put that in front of the username. Then run that through SHA-256. Convert the result to Base-64 or hex encoding, and use the resulting string as the "username."
From a unix command line, this would look like:
$ echo -n "edu.myschoolname:robnapier@myschoolname.edu" | shasum -a 256
09356cf6df6aea20717a346668a1aad986966b192ff2d54244802ecc78f964e3 -
That output is unique to that input string (technically it's not "unique" but you will never find a collision, by accident or by searching). And that output is stable, in that it will always be the same for the given input. (I believe that PGP includes some randomization; if it doesn't, it should.)
(Regarding comments below)
Cryptographic hash algorithms are extremely secure for their purposes. Non-cryptographic hash algorithms are not secure (but also aren't meant to be). There are no major attacks I know of against SHA-2 (which includes SHA-256 and SHA-512).
You're correct that your system needs to be robust against someone with access to the code. If they know what userid they're looking for, however, no system will be resistant to them discovering the masked version of that id. If you encrypt, an attacker with access to the key can just encrypt the value themselves to figure out what it is.
But if you're protecting against the reverse: preventing attackers from determining the id when they do not already know the id they're looking for, the correct solution is a cryptographic hash, specifically SHA-256 or SHA-512. Using PGP to create a one-way function is using a cryptographic primitive for something it is not built to do, and that's always a mistake. If you want a one-way function, you want a hash.
answered Nov 28 '18 at 13:33
Rob NapierRob Napier
205k28303431
Thank you for the answer. As i said, i have limited knowledge in this area, but i was under the impression that hashing is not very secure. We do not want a person with access to source code (e.g. a hacker) to be able to undo the encryption/hashing of the user names. Which is why i thought about using an assymetrical encryption algorithm without saving both keys.
– Morten Toudahl
Nov 29 '18 at 11:45
add a comment |
If you want a one-way function, you don't want encryption. You want hashing. The easiest thing to do is to use a hash like SHA-256. I recommend salting the username before hashing. In this case, I would probably pick a static salt like edu.myschoolname: and put that in front of the username. Then run that through SHA-256. Convert the result to Base-64 or hex encoding, and use the resulting string as the "username."
From a unix command line, this would look like:
$ echo -n "edu.myschoolname:robnapier@myschoolname.edu" | shasum -a 256
09356cf6df6aea20717a346668a1aad986966b192ff2d54244802ecc78f964e3 -
That output is unique to that input string (technically it's not "unique" but you will never find a collision, by accident or by searching). And that output is stable, in that it will always be the same for the given input. (I believe that PGP includes some randomization; if it doesn't, it should.)
(Regarding comments below)
Cryptographic hash algorithms are extremely secure for their purposes. Non-cryptographic hash algorithms are not secure (but also aren't meant to be). There are no major attacks I know of against SHA-2 (which includes SHA-256 and SHA-512).
You're correct that your system needs to be robust against someone with access to the code. If they know what userid they're looking for, however, no system will be resistant to them discovering the masked version of that id. If you encrypt, an attacker with access to the key can just encrypt the value themselves to figure out what it is.
But if you're protecting against the reverse: preventing attackers from determining the id when they do not already know the id they're looking for, the correct solution is a cryptographic hash, specifically SHA-256 or SHA-512. Using PGP to create a one-way function is using a cryptographic primitive for something it is not built to do, and that's always a mistake. If you want a one-way function, you want a hash.
answered Nov 28 '18 at 13:33
Rob NapierRob Napier
205k28303431
If you want a one-way function, you don't want encryption. You want hashing. The easiest thing to do is to use a hash like SHA-256. I recommend salting the username before hashing. In this case, I would probably pick a static salt like edu.myschoolname: and put that in front of the username. Then run that through SHA-256. Convert the result to Base-64 or hex encoding, and use the resulting string as the "username."
From a unix command line, this would look like:
$ echo -n "edu.myschoolname:robnapier@myschoolname.edu" | shasum -a 256
09356cf6df6aea20717a346668a1aad986966b192ff2d54244802ecc78f964e3 -
That output is unique to that input string (technically it's not "unique" but you will never find a collision, by accident or by searching). And that output is stable, in that it will always be the same for the given input. (I believe that PGP includes some randomization; if it doesn't, it should.)
(Regarding comments below)
Cryptographic hash algorithms are extremely secure for their purposes. Non-cryptographic hash algorithms are not secure (but also aren't meant to be). There are no major attacks I know of against SHA-2 (which includes SHA-256 and SHA-512).
You're correct that your system needs to be robust against someone with access to the code. If they know what userid they're looking for, however, no system will be resistant to them discovering the masked version of that id. If you encrypt, an attacker with access to the key can just encrypt the value themselves to figure out what it is.
But if you're protecting against the reverse: preventing attackers from determining the id when they do not already know the id they're looking for, the correct solution is a cryptographic hash, specifically SHA-256 or SHA-512. Using PGP to create a one-way function is using a cryptographic primitive for something it is not built to do, and that's always a mistake. If you want a one-way function, you want a hash.
answered Nov 28 '18 at 13:33
Rob NapierRob Napier
205k28303431
edited Nov 29 '18 at 14:49
answered Nov 28 '18 at 13:33
Rob NapierRob Napier
205k28303431
answered Nov 28 '18 at 13:33
Rob NapierRob Napier
205k28303431
answered Nov 28 '18 at 13:33
Rob NapierRob Napier
205k28303431
205k28303431
Thank you for the answer. As i said, i have limited knowledge in this area, but i was under the impression that hashing is not very secure. We do not want a person with access to source code (e.g. a hacker) to be able to undo the encryption/hashing of the user names. Which is why i thought about using an assymetrical encryption algorithm without saving both keys.
– Morten Toudahl
Nov 29 '18 at 11:45
add a comment |
Thank you for the answer. As i said, i have limited knowledge in this area, but i was under the impression that hashing is not very secure. We do not want a person with access to source code (e.g. a hacker) to be able to undo the encryption/hashing of the user names. Which is why i thought about using an assymetrical encryption algorithm without saving both keys.
– Morten Toudahl
Nov 29 '18 at 11:45
Thank you for the answer. As i said, i have limited knowledge in this area, but i was under the impression that hashing is not very secure. We do not want a person with access to source code (e.g. a hacker) to be able to undo the encryption/hashing of the user names. Which is why i thought about using an assymetrical encryption algorithm without saving both keys.
– Morten Toudahl
Nov 29 '18 at 11:45
Thank you for the answer. As i said, i have limited knowledge in this area, but i was under the impression that hashing is not very secure. We do not want a person with access to source code (e.g. a hacker) to be able to undo the encryption/hashing of the user names. Which is why i thought about using an assymetrical encryption algorithm without saving both keys.
– Morten Toudahl
Nov 29 '18 at 11:45
add a comment |
I think that PGP is a good Idea, but risk to make usernames hard to memorize, why not simply make a list of usernames composed with user + OrderedNumbers where user can be wichever word you want and oredered number is a 4-5 digit number ordered by birth date of childrens?
Once you have done this you only have to keep a list where the usernames are linked wit the corresponding child abd then you can encript this "nice to have" list with a key only you know.
answered Nov 28 '18 at 13:22
Leonardo SilvagniLeonardo Silvagni
1337
The people logging into our systems, in this way, are going to use the SSO solution provided by our external partner, and thus will never use/know the usernames that we store in our database. But we still need to be able to accociate logs with the same unique user each time
– Morten Toudahl
Nov 29 '18 at 11:41
add a comment |
I think that PGP is a good Idea, but risk to make usernames hard to memorize, why not simply make a list of usernames composed with user + OrderedNumbers where user can be wichever word you want and oredered number is a 4-5 digit number ordered by birth date of childrens?
Once you have done this you only have to keep a list where the usernames are linked wit the corresponding child abd then you can encript this "nice to have" list with a key only you know.
answered Nov 28 '18 at 13:22
Leonardo SilvagniLeonardo Silvagni
1337
The people logging into our systems, in this way, are going to use the SSO solution provided by our external partner, and thus will never use/know the usernames that we store in our database. But we still need to be able to accociate logs with the same unique user each time
– Morten Toudahl
Nov 29 '18 at 11:41
add a comment |
I think that PGP is a good Idea, but risk to make usernames hard to memorize, why not simply make a list of usernames composed with user + OrderedNumbers where user can be wichever word you want and oredered number is a 4-5 digit number ordered by birth date of childrens?
Once you have done this you only have to keep a list where the usernames are linked wit the corresponding child abd then you can encript this "nice to have" list with a key only you know.
answered Nov 28 '18 at 13:22
Leonardo SilvagniLeonardo Silvagni
1337
I think that PGP is a good Idea, but risk to make usernames hard to memorize, why not simply make a list of usernames composed with user + OrderedNumbers where user can be wichever word you want and oredered number is a 4-5 digit number ordered by birth date of childrens?
Once you have done this you only have to keep a list where the usernames are linked wit the corresponding child abd then you can encript this "nice to have" list with a key only you know.
answered Nov 28 '18 at 13:22
Leonardo SilvagniLeonardo Silvagni
1337
answered Nov 28 '18 at 13:22
Leonardo SilvagniLeonardo Silvagni
1337
answered Nov 28 '18 at 13:22
Leonardo SilvagniLeonardo Silvagni
1337
answered Nov 28 '18 at 13:22
Leonardo SilvagniLeonardo Silvagni
1337
1337
The people logging into our systems, in this way, are going to use the SSO solution provided by our external partner, and thus will never use/know the usernames that we store in our database. But we still need to be able to accociate logs with the same unique user each time
– Morten Toudahl
Nov 29 '18 at 11:41
add a comment |
The people logging into our systems, in this way, are going to use the SSO solution provided by our external partner, and thus will never use/know the usernames that we store in our database. But we still need to be able to accociate logs with the same unique user each time
– Morten Toudahl
Nov 29 '18 at 11:41
The people logging into our systems, in this way, are going to use the SSO solution provided by our external partner, and thus will never use/know the usernames that we store in our database. But we still need to be able to accociate logs with the same unique user each time
– Morten Toudahl
Nov 29 '18 at 11:41
The people logging into our systems, in this way, are going to use the SSO solution provided by our external partner, and thus will never use/know the usernames that we store in our database. But we still need to be able to accociate logs with the same unique user each time
– Morten Toudahl
Nov 29 '18 at 11:41
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53520080%2fencryption-of-user-name%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
are going to just store or you want to process with queries? You should also tell more about your system. Who connects how, etc.
– kelalaka
Nov 28 '18 at 15:34
I do not wish to go into too much details. But we create a user in our system, so we can associate various usage logs with an internally created user ID, which are then primarily used to prevent abuse but also charge out customers for our services.
– Morten Toudahl
Nov 29 '18 at 11:39