Frequently Asked Questions
What is a digest?
The digest is the long string created from the input columns in the database. This is the key to the pseudonymised data.
For example, using the column NHS Number of "123456789" would yield the following digest:
15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225
Please see the following document entitled "Anonymisation: managing data protection risk code of practice"
The case study on page 79 has an example of using the cryptographic hash technique.
Wikipedia has some more information about digests here
What is salt?
Salt is an extra string of characters we append to the data that is being pseudonymised.
This allows data to be shared for a specific project with no risk of the data being cross referenced by another project that uses different salt.
Adding salt to the data being pseudonymised makes the digest completely different.
For example the NHSNumber "123456789" yields the digest:
15e2b0d3c33891ebb0f1ef609ec419420c20e320ce94c65fbc8c3312448eb225
.. but with the salt phrase "hello" applied it yields:
a4455e6581b78d69e569895c2b615dfa90a6cd56938e40ca91edd26e44deedfe
This is called the avalanche effect
What creates the Digest?
The OpenPseudonymiser software uses SHA-2 (256) to create the digest
Why encrypt the salt?
Rather than telling the users the salt phrase we allow encrypted salt files to be created on this site and shared with project teams for demonstration purposes only.
Organisations wishing to use Open Pseudonymiser for production purposes are advised to make their own arrangements regarding an instance of the key server suitable for their own purposes and to satisfy their own information governance and security requirements.
This protects the mechanisms of digest creation from users and minimises the risk that another team would be able to create the same digest.
Why do I need to register in order to access the software?
We wanted to keep a record of who is downloading the software so that we can contact you with information about new releases.