Hashing is a difficult-to-reverse data masking technique that converts a variable length "message" (e.g., someone's password) into an obfuscated, fixed-length, alphanumeric string. The message digest, or "hash value," can be an index look-up for the message. Sometimes there is more than one message per index (a "collision").
Because hashing is not as strong as encryption, or as reliably reversible, it is sometimes suitable for masking alone. More commonly, however, hashing is used with encryption. IRI supplies SHA1 and SHA2 hashing algorithms with FieldShield, along with several encryption functions.
Hash functions are also used to generate checksums or Message Authentication Codes (MAC). These are created and sent along with messages like emails, EFTs, or passwords. When the message is received, its contents are run through the same hash function to create a new MAC. If the original and new MACs match, the message is authentic; if they do not, the message is likely to have been altered, and thus compromised.
Use the field-level hashing functions in both FieldShield in the IRI Data Protector suite, and CoSort in the IRI Data Manager suite, to help mask PII. Create a MAC for one or more column values in each row. Include it as an additional field or provide it in a separate file. Use it to verify that the data in the record was undisturbed.
For more information and another use of hash values, see: