http://blogs.msdn.com/b/sqlcat/archive/2005/09/16/469257.aspxAt least two customers that I’ve worked with in the past month have been building Data Warehouses that contain Social Security Numbers (SSN) – in one case it is even being used as a foreign key for a very large fact table. These customers were interesteden-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/sqlcat/archive/2005/09/16/469257.aspx#8994244Fri, 10 Oct 2008 16:24:59 GMT91d46819-8472-40ad-a661-2c78acb4018c:8994244John Magnabosco<p>Databases often contain sensitive information and cell-level encryption is a very effective method to...</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=8994244" width="1" height="1">http://blogs.msdn.com/b/sqlcat/archive/2005/09/16/469257.aspx#481253Sat, 15 Oct 2005 01:18:40 GMT91d46819-8472-40ad-a661-2c78acb4018c:481253Stuart Ozer MSFTBob -- If you used a **different** salt for each SSN, somewhere you would need to keep track of the salt values associated with each SSN. Otherwise, any new incoming 'transaction' data that you want to store for the SSN could not be associated with the hashed SSN. That list of salt values could be vulnerable to discovery and would allow the same kind of attack as discovering the single salt.<div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=481253" width="1" height="1">http://blogs.msdn.com/b/sqlcat/archive/2005/09/16/469257.aspx#480672Thu, 13 Oct 2005 20:15:41 GMT91d46819-8472-40ad-a661-2c78acb4018c:480672Bobsalt prevents dictionary attacks (they can't precompute hashes for all possible salt values), right? <br>so as long as I use a different salt value for each SSN, why would I need to hide the salt? <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=480672" width="1" height="1">