What is the FPE algorithm used?
bhasub opened this issue · 1 comments
Hi,
Is this implementation based on FF1 or FF3?
Thanks.
No idea. This module is simply a wrapper of node-fpe, it just adds ASCII characters to it for better usability. You need to refer to node-fpe about that.
You shouldn't use this module (or node-fpe for that matter) for sensitive data. It's cryptographically weak. It's only meant to scramble plaintext so as not to be human readable. It's not meant to deter sophisticated attacks.
From node-fpe docs:
This module is using the term format-preserving encryption, however it is not a proper fpe implementation. It is basically a substitution cipher, you can use it to scramble and de-scramble strings but it is not recommended to use it with anything sensitive as the encryption is weak.
For fpe, there are other libraries available: