The Cryptographic Hash Function Pseudonymization component pseudonymizes any string data by computing its hash using MD5, SHA-1, SHA-256, or SHA-512 incorporating a unique seed tied to the hardware device. Considerations

• The same input will produce different outputs across different installations due to unique seed values.
• The hash function converts an input string of any length into a fixed-length output based on the selected algorithm.
• While using MD5 and SHA algorithms, users may experience collisions, where two or more different inputs generate the same hash output.

Example: Hashing an Email Local Part

To illustrate, let’s consider the local part of an email (before the "@" symbol). It can contain Latin letters, numbers, dots, and printable characters such as "!#$%&'*+-/=?^_`{|}~", resulting in approximately 4,664 possible combinations.

Using MD5, which generates a 128-bit hash, there are 2¹²⁸ total possible output values. The probability of two hashes accidentally colliding in this space is approximately 1.47 × 10⁻²⁹, which is extremely low but still a consideration for high-security applications.

For stronger collision resistance, SHA-256 or SHA-512 is recommended, as they offer larger hash spaces and improved cryptographic security.

1. Set up a source that contains a column with string data, including alphanumeric characters, special symbols, whitespace, punctuation, and Unicode characters:

+

2. Drag and drop the Cryptographic hash function masking component. Connect the source to the Cryptographic hash function data masking component using the source's precedence constraint:

3. The precedence constraint (the blue arrow) passes appropriate metadata to the Cryptographic hash function component. If you click on constraint, you will see the metadata being passed:

+

4. Open the component editor. You can leave the default Custom Properties or change them:

• allow or disallow usage of unsafe hash function
• select hash function (MD5, SHA1, SHA256 or SHA512)

+

5. In the Input Columns tab, check only the columns you want to mask using the Cryptographic hash function algorithm:

+

6. The component will create an additional column with the prefix Masked_:

+

7. Create a Connection Manager for the destination. Configure the Source component for the destination.
In the Mappings tab of the Connection Manager, map the newly created Masked_Field column to replace the original value by:

1. Clicking on the available input columns.
2. Selecting the masked value.
3. Mapping it to the appropriate "Available Destination Column".

+

8. Now, all the configurations are complete for the valid values. You can run the package with the Cryptographic hash function data masking component, and see the results of data masking in the Destination component by clicking the Preview button:

+