Solved: Re: Print value in hash format in Qlik Sense Cloud - Qlik Community

AndreasGu · ‎2022-03-16

I have created a sheet that display some metrics. The key dimension (email address) in this table can be identified. Hence I would like to hide it. So I have been searching for some sort of hash-function available in Qlik Sense Cloud. I found something called Hash256 but I'm unable to get it to work.

https://help.qlik.com/en-US/qlikview/May2021/Subsystems/Client/Content/QV_QlikView/Scripting/StringF...

In Edit Expression I use:
=[Hash256(EMAIL_KEY)]

This causes "Error in Expression"

So I need a work around for this. In addition it would be good to use some salt as well like:
Hash256(EMAIL_KEY . 'MY_SECRET_SALT')

At the end I would like to prevent email to be present in any potential CSV/Excel exports.

Levi_Turner · ‎2022-03-16

On your immediate ask, you'll want to write the expression like so: =Hash256([EMAIL_KEY]) . The way that you've written it is declaring that whole string as the field value.

In reality, you'd want to ensure that the field value is hashed in the model as well, so you'd do something like this:

[dataTable]:
LOAD
	HASH256([email]) AS [email],
    [sales];
LOAD 
	'foo' & RECNO() & '@bar.com' AS [email],
	ROUND((RAND()*10000)+1,1) AS [sales]
AUTOGENERATE 1000000;

Doing this on the fly on the front end will needlessly slow down the front-end performance and potentially allow users to create their own sheets / objects which expose the email field in the clear.

On the broader ask, the Hash functions (Hash128 / Hash160 / Hash256) are not cryptographically secure: https://support.qlik.com/articles/000026464

So the question for you is whether you need cryptographic security or whether obfuscation is acceptable.

If actual cryptographic security is needed, you'd want to leverage something outside of Qlik to do the hashing + salting (e.g. calling a lambda function / etc).

If obfuscation is acceptable, I'd personally use the AutoNumber function in a manner like so:

[dataTable]:
LOAD
	'Obscured email ' & AUTONUMBER([email]) AS [email],
    [sales];
LOAD 
	'foo' & RECNO() & '@bar.com' AS [email],
	ROUND((RAND()*10000)+1,1) AS [sales]
AUTOGENERATE 1000000;

This will reduce the field size of the email field a bit since the 43 character output of the HASH256 function is larger than "Obscured Email <some integer>".

View solution in original post

Levi_Turner · ‎2022-03-16

On your immediate ask, you'll want to write the expression like so: =Hash256([EMAIL_KEY]) . The way that you've written it is declaring that whole string as the field value.

In reality, you'd want to ensure that the field value is hashed in the model as well, so you'd do something like this:

[dataTable]:
LOAD
	HASH256([email]) AS [email],
    [sales];
LOAD 
	'foo' & RECNO() & '@bar.com' AS [email],
	ROUND((RAND()*10000)+1,1) AS [sales]
AUTOGENERATE 1000000;

Doing this on the fly on the front end will needlessly slow down the front-end performance and potentially allow users to create their own sheets / objects which expose the email field in the clear.

On the broader ask, the Hash functions (Hash128 / Hash160 / Hash256) are not cryptographically secure: https://support.qlik.com/articles/000026464

So the question for you is whether you need cryptographic security or whether obfuscation is acceptable.

If actual cryptographic security is needed, you'd want to leverage something outside of Qlik to do the hashing + salting (e.g. calling a lambda function / etc).

If obfuscation is acceptable, I'd personally use the AutoNumber function in a manner like so:

[dataTable]:
LOAD
	'Obscured email ' & AUTONUMBER([email]) AS [email],
    [sales];
LOAD 
	'foo' & RECNO() & '@bar.com' AS [email],
	ROUND((RAND()*10000)+1,1) AS [sales]
AUTOGENERATE 1000000;

This will reduce the field size of the email field a bit since the 43 character output of the HASH256 function is larger than "Obscured Email <some integer>".

Print value in hash format in Qlik Sense Cloud

dimension

expression

General Question