search

reconhub / epitrix

Small Helpers and Tricks for Epidemics Analysis
http://www.repidemicsconsortium.org/epitrix/
Other
11 stars 5 forks source link

Secret salt in hash_names #6

Closed dirkschumacher closed 6 years ago

dirkschumacher commented 6 years ago

I suggest not to use the word anonymous in the hash_names docs, unless it is clear to the user that this will only be the case if he/she uses a secret salt.

In addition, I think it would be good to use digest::hmac in case the user provides a secret salt. digest::hmac("my secret secret", "my message", algo = "sha512") https://security.stackexchange.com/a/61878

Also I guess a SHA-2 (https://en.wikipedia.org/wiki/SHA_hash_functions) algo should be used by default.

dirkschumacher commented 6 years ago

And even then, using this method can make a dataset anonymous, but not necessarily.