
Talk:Format-preserving encryption: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Purplie (talk | contribs)
No edit summary
Purplie (talk | contribs)
No edit summary
Line 1: Line 1:

Why does the article state "FFSEM is restricted to digits only and the field length must be between nine and nineteen digits", when the referenced ffsem-spec.pdf says that "We do not recommend the use of FFSEM on sets smaller than 2^32"?
Why does the article state "FFSEM is restricted to digits only and the field length must be between nine and nineteen digits", when the referenced ffsem-spec.pdf says that "We do not recommend the use of FFSEM on sets smaller than 2^32"?
--[[User:Purplie|Purplie]] ([[User talk:Purplie|talk]]) 00:24, 24 March 2010 (UTC)
--[[User:Purplie|Purplie]] ([[User talk:Purplie|talk]]) 00:24, 24 March 2010 (UTC)


---
----

What is FCEM? This is not defined.

----


I don't think the statement "FPE is NOT an approved MODE of the AES algorithm" makes any sense, since some particular constructions may be approved or considered secure while others are not.
I don't think the statement "FPE is NOT an approved MODE of the AES algorithm" makes any sense, since some particular constructions may be approved or considered secure while others are not. <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Purplie|Purplie]] ([[User talk:Purplie|talk]] • [[Special:Contributions/Purplie|contribs]]) 23:13, 23 March 2010 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->


----
---- <small><span class="autosigned">—Preceding [[Wikipedia:Signatures|unsigned]] comment added by [[User:Purplie|Purplie]] ([[User talk:Purplie|talk]] • [[Special:Contributions/Purplie|contribs]]) 23:13, 23 March 2010 (UTC)</span></small><!-- Template:Unsigned --> <!--Autosigned by SineBot-->


I removed the "PCI DSS" section for two reasons. Reason the first - The section seemed largely out of place in an article that is otherwise fairly centered on a current type of cryptography being investigated. Including a section about PCI - which is not a cryptographic standard in and of itself and references other standards for support - was distracting and unnecessary IMO. And reason the second - the accepted use of a cryptographic method to satisfy a PCI requirement is entirely up to the discretion of the assessing entity (a QSA in PCI parlance). With information presented in this article and in other easily searchable locations (like the Rogaway, Black, Bellare, Ristenpart etc. papers) can lead a QSA to form an opinion one way or the other. Furthermore, given Visa's recent acceptance of the format preserving methods in its published DFE practices (http://corporate.visa.com/_media/best-practices.pdf), it looks like at least one card brand will allow the use of this method for the very purpose of meeting certain PCI requirements. [[User:Absaroke|Absaroke]] ([[User talk:Absaroke|talk]]) 21:20, 19 October 2009 (UTC)absaroke
I removed the "PCI DSS" section for two reasons. Reason the first - The section seemed largely out of place in an article that is otherwise fairly centered on a current type of cryptography being investigated. Including a section about PCI - which is not a cryptographic standard in and of itself and references other standards for support - was distracting and unnecessary IMO. And reason the second - the accepted use of a cryptographic method to satisfy a PCI requirement is entirely up to the discretion of the assessing entity (a QSA in PCI parlance). With information presented in this article and in other easily searchable locations (like the Rogaway, Black, Bellare, Ristenpart etc. papers) can lead a QSA to form an opinion one way or the other. Furthermore, given Visa's recent acceptance of the format preserving methods in its published DFE practices (http://corporate.visa.com/_media/best-practices.pdf), it looks like at least one card brand will allow the use of this method for the very purpose of meeting certain PCI requirements. [[User:Absaroke|Absaroke]] ([[User talk:Absaroke|talk]]) 21:20, 19 October 2009 (UTC)absaroke

Revision as of 00:26, 24 March 2010

Why does the article state "FFSEM is restricted to digits only and the field length must be between nine and nineteen digits", when the referenced ffsem-spec.pdf says that "We do not recommend the use of FFSEM on sets smaller than 2^32"? --Purplie (talk) 00:24, 24 March 2010 (UTC)


What is FCEM? This is not defined.


I don't think the statement "FPE is NOT an approved MODE of the AES algorithm" makes any sense, since some particular constructions may be approved or considered secure while others are not. —Preceding unsigned comment added by Purplie (talk • contribs) 23:13, 23 March 2010 (UTC)


I removed the "PCI DSS" section for two reasons. Reason the first - The section seemed largely out of place in an article that is otherwise fairly centered on a current type of cryptography being investigated. Including a section about PCI - which is not a cryptographic standard in and of itself and references other standards for support - was distracting and unnecessary IMO. And reason the second - the accepted use of a cryptographic method to satisfy a PCI requirement is entirely up to the discretion of the assessing entity (a QSA in PCI parlance). Information presented in this article and in other easily searchable locations (like the Rogaway, Black, Bellare, Ristenpart etc. papers) can lead a QSA to form an opinion one way or the other. Furthermore, given Visa's recent acceptance of the format preserving methods in its published DFE practices (http://corporate.visa.com/_media/best-practices.pdf), it looks like at least one card brand will allow the use of this method for the very purpose of meeting certain PCI requirements. Absaroke (talk) 21:20, 19 October 2009 (UTC)absaroke

Anyone else think the organization of this article is a bit schizophrenic? I think we might want to look at some of the other crypto articles and organize it a little more logically? The various FPE constructions and modes should be put into a sub-section, not as individual sections from the root of the article. Anyone else have thoughts? It might be nice to keep the intro, keep the motivation section, maybe add/consolidate a history or summary section of FPE research/methods, then go into the different constructions, and since all good crypto articles include cryptanalysis, we should add that...any thoughts? Absaroke (talk) 21:30, 19 October 2009 (UTC)absaroke