You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+12-9Lines changed: 12 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,9 +15,13 @@
15
15
</a>
16
16
</p>
17
17
18
+
**NOTE:** NIST's February 2025 Draft 2 has removed FF3 from the NIST standard.
19
+
20
+
This software is provided for educational and experimental use and comes with no warranty of any kind.
21
+
18
22
# FF3 - Format Preserving Encryption in Python
19
23
20
-
An implementation of the NIST FF3 and draft FF3-1 Format Preserving Encryption (FPE) algorithms in Python.
24
+
An implementation of the NIST FF3 and draft FF3-1 Format Preserving Encryption (FPE) algorithms in Python. FF1 implementations are outside the scope of this open source project.
21
25
22
26
This package implements the FF3 algorithm for Format Preserving Encryption as described in the March 2016 NIST publication 800-38G _Methods for Format-Preserving Encryption_,
23
27
and revised on February 28th, 2019 with a draft update for FF3-1.
@@ -26,8 +30,6 @@ and revised on February 28th, 2019 with a draft update for FF3-1.
*[NIST SP 800-38G Revision 1 (2nd Public Draft)](https://csrc.nist.gov/pubs/sp/800/38/g/r1/2pd)
28
32
29
-
**NOTE:** NIST's Feburary 2025 Draft 2 has removed FF3 from the NIST standard. Contact me about a licensed version of FF1 in Python.
30
-
31
33
Changes to minimum domain size and revised tweak length have been implemented in this package with
32
34
support for both 64-bit and 56-bit tweaks. NIST has only published official test vectors for 64-bit tweaks,
33
35
but draft ACVP test vectors have been used for testing FF3-1. It is expected the final
@@ -57,12 +59,12 @@ Input plaintext has maximum length restrictions based upon the chosen radix (2 *
57
59
* radix 36: 36
58
60
* radix 62: 32
59
61
60
-
To work around string length, its possible to encode longer text in chunks.
62
+
To work around string length, it's possible to encode longer text in chunks.
61
63
62
-
The key length must be 128, 192, or 256 bits in length. The tweak is 7 bytes (FF3-1) or 8 bytes for the origingal FF3.
64
+
The key length must be 128, 192, or 256 bits in length. The tweak is 7 bytes (FF3-1) or 8 bytes for the original FF3.
63
65
64
66
As with any cryptographic package, managing and protecting the key(s) is crucial. The tweak is generally not kept secret.
65
-
This package does not store the key in memory after initializing the cipher.
67
+
This implementation does not intentionally retain key material beyond cipher initialization.
66
68
67
69
## Code Example
68
70
@@ -131,7 +133,8 @@ python3 -m ff3.ff3_test
131
133
## Performance Benchmarks
132
134
133
135
The Mysto FF3 was benchmarked on a MacBook Air (1.1 GHz Quad-Core Intel Core i5)
134
-
performing 70,000 tokenization per second with random 8 character data input.
136
+
performing 70,000 tokenization per second with random 8 character data input. Performance
137
+
results are indicative only and depend on hardware, workload, and configuration
135
138
136
139
To run the performance tests:
137
140
@@ -159,9 +162,9 @@ This implementation was originally based upon the [Capital One Go implementation
159
162
160
163
FPE can be used for data tokenization of sensitive data which is cryptographically reversible. This implementation does not provide any guarantees regarding PCI DSS or other validation.
161
164
162
-
While all NIST and ACVP test vectors pass, this package has not otherwise been extensively tested.
165
+
While all NIST and ACVP test vectors pass, this package has not undergone independent security review or formal cryptographic validation.
163
166
164
-
The cryptographic library used is [PyCryptodome](https://pypi.org/project/pycryptodome/) for AES encryption. FF3 uses a single-block with an IV of 0, which is effectively ECB mode. AES ECB is the only block cipher function which matches the requirement of the FF3 spec.
167
+
The cryptographic library used is [PyCryptodome](https://pypi.org/project/pycryptodome/) for AES encryption. FF3 uses a single-block with an IV of 0, which is effectively ECB mode. AES ECB is the only block cipher function which matches the requirement of the FF3 spec. This does not imply that ECB mode is safe for general-purpose encryption; it is used here solely because it is required by the FF3 specification
165
168
166
169
The domain size was revised in FF3-1 to radix<sup>minLen</sup> >= 1,000,000 and is represented by the constant `DOMAIN_MIN` in `ff3.py`. FF3-1 is in draft status.
0 commit comments