SAS provides strategies for protecting information that is associated with a SAS deployment. Some of the components that support this protection are third-party components incorporated into the SAS product delivery, and some are SAS-specific components.
SAS provides products and third-party strategies for protecting data and credentials (user IDs and passwords) that are exchanged in a networked environment. These security strategies maintain data usability and data confidentiality, and validate the integrity of content. SAS uses various encryption, hashing, and encoding algorithms to protect your data in transit or at rest.
encoding
Encoding transforms data into another format using a publicly available scheme so that it can easily be reversed. It does not require a key. The only thing required to decode the data is the algorithm that was used to encode it.
Encoding obfuscates the data but does not provide data confidentiality. Protect encoded data with other security controls as well, such as file system permissions or other access control mechanisms.
Examples are SAS002, SAS003, and SAS004 encoding and SAS Proprietary 32-bit fixed key encoding.
encryption
Encryption transforms data into another format in such a way that only specific individuals can reverse the transformation. It uses a key that is kept secret, in conjunction with the plaintext and the algorithm, to perform the encryption operation. As such, the ciphertext, algorithm, and key are all required to return to the plaintext.
Example encryption algorithms are AES and RSA.
hashing
Hashes are commonly used to store passwords to prevent them from being viewed. Hash algorithms are one-way functions. They turn any amount of data into a fixed-length "fingerprint" that cannot be reversed. If the input changes by even a tiny bit, the resulting hash is completely different. When passwords are hashed, only the hash is kept. To verify a password, you hash the password and check whether the result matches the stored hash.
Examples are the SHA-256 and SHA-512 hashing algorithms.
salting
Salt is data used as an additional input to the encryption algorithm. When salt is used, the first eight bytes of the encrypted data are reserved for the salt. The salt value is generated at random when a file is encrypted and is read from the encrypted file when the file is decrypted.
Examples are AES with 16-bit salt (SAS003) and AES with 64-bit salt (SAS004).
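
The hashing and encoding entries above, as an added Python example (not SAS code and not part of the original page). It shows keyless reversal of an encoding, the fixed-length digest, how many bits change after a one-character edit, and verification against a stored hash. Base64 stands in for a public keyless encoding, and the function names and sample password are constructed for illustration.

```python
import base64
import hashlib
import hmac


def encode(data: bytes) -> bytes:
    """Encoding: a public, keyless scheme (Base64 is an assumed stand-in)."""
    return base64.b64encode(data)


def decode(blob: bytes) -> bytes:
    """Anyone who knows the scheme can reverse it; no key is involved."""
    return base64.b64decode(blob)


def hash_password(password: str) -> str:
    """Return the SHA-256 fingerprint as hex; only this value is stored."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def verify_password(candidate: str, stored_hash: str) -> bool:
    """Hash the candidate and compare the result with the stored hash.

    hmac.compare_digest compares the two values in constant time.
    """
    return hmac.compare_digest(hash_password(candidate), stored_hash)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bits that differ between two equal-length hex digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    secret = "Tr1al-Passw0rd"  # constructed sample value
    # Encoding hands the original straight back to anyone who decodes it.
    print("decoded:", decode(encode(secret.encode("utf-8"))))

    stored = hash_password(secret)
    near = hash_password("Tr1al-Passw0re")  # last character changed
    # Digest length is fixed regardless of the input size.
    print("digest bits:", len(stored) * 4,
          "| large input:", len(hash_password("x" * 100_000)) * 4)
    print("bits changed by a one-character edit:", differing_bits(stored, near))
    print("correct password:", verify_password(secret, stored))
    print("wrong password:", verify_password("guess", stored))
```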