Glossary
Hashing
Hashing is a cryptographic process used to secure sensitive data, such as cardholder information, by transforming it into a fixed-length, unreadable message digest. This transformation is performed using a hash function, a one-way mathematical function that takes an input (or 'message') of any length and returns a fixed-size string of bytes. The output, known as a hash code or message digest, appears random and cannot feasibly be reversed to recover the input.
Hash functions have several key properties that make them suitable for security purposes:
In the context of PCI DSS (Payment Card Industry Data Security Standard), hashing is used to render the Primary Account Number (PAN) unreadable. To enhance security, it is recommended that hashed cardholder data incorporate an input variable, commonly referred to as "salt". Salting means combining additional random data with the input before it is hashed, so that the same PAN produces a different digest each time it is stored; this defends against attacks that use pre-computed hashes (such as rainbow table attacks) to recover the original value from the hash.
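The salted hashing described above, as an added example that is not part of the original glossary entry: a random per-record salt is prepended to the PAN before SHA-256, the salt is stored alongside the digest for later verification, and the same PAN hashed twice yields two different digests, neither of which matches the unsalted SHA-256 that a pre-computed table would contain. The PAN value is a constructed, well-known test number, not a real account.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample input: a widely published Visa test number, not a live PAN.
SAMPLE_PAN = "4111111111111111"
SALT_LEN = 16  # 128 bits of randomness per stored record


def hash_pan(pan: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) where digest = SHA-256(salt || PAN).

    A fresh random salt is drawn from a CSPRNG when none is supplied, so two
    records holding the same PAN do not share a digest. The salt is not secret;
    it must be stored with the digest so the value can be verified later.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)
    digest = hashlib.sha256(salt + pan.encode("ascii")).digest()
    return salt, digest


def verify_pan(pan: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the salted digest for a candidate PAN and compare it in
    constant time, so timing does not leak how many bytes matched."""
    _, candidate = hash_pan(pan, salt)
    return hmac.compare_digest(candidate, digest)


def salted_digests_differ(pan: str) -> bool:
    """Hash one PAN twice with independent salts. The two digests differ, and
    neither equals the unsalted SHA-256(PAN) that a rainbow table built for
    plain SHA-256 would hold, which is the property salting buys."""
    _, first = hash_pan(pan)
    _, second = hash_pan(pan)
    unsalted = hashlib.sha256(pan.encode("ascii")).digest()
    return first != second and unsalted not in (first, second)


if __name__ == "__main__":
    salt, stored = hash_pan(SAMPLE_PAN)
    print("salt  :", salt.hex())
    print("digest:", stored.hex())
    print("verify:", verify_pan(SAMPLE_PAN, salt, stored))
    print("salting defeats a plain-SHA-256 table:", salted_digests_differ(SAMPLE_PAN))
```

A salt stops reuse of pre-computed tables but does not stop an adversary who holds the stored salt from hashing candidate PANs directly, which is why PCI DSS v4.0 (Requirement 3.5.1.1) expects a keyed cryptographic hash of the entire PAN rather than a salt alone.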
For organizations and entities handling sensitive cardholder data, adhering to industry standards such as NIST (National Institute of Standards and Technology) Special Publications 800-107 and 800-106, as well as the Federal Information Processing Standard (FIPS) 180-4 and FIPS 202, is crucial. These documents provide detailed guidelines on secure cryptographic hashing techniques, including recommendations on secure hash algorithms like SHA-256 and SHA-3, ensuring that the implementation of hashing achieves the desired level of security.