Low‑Entropy PII Torture Vector (ciphertext‑only exposure)

Goal
Prove that pointers for low‑entropy PII do not expose plaintext digest and DO include ciphertext_digest per policy class.

Acceptance Criteria
- Add test vectors (emails, phone numbers, short strings).
- When privacy class `pii_low_entropy` is applied, public projection omits `digest` and includes `ciphertext_digest`.
- Negative case: CI test fails if `digest` appears in public pointer for a low‑entropy field.
- Document how to classify additional selectors via policy.

Notes
- Reference: ADR‑0004 Policy Hooks; governance_policy schema extension.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Low‑Entropy PII Torture Vector (ciphertext‑only exposure) #49

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Low‑Entropy PII Torture Vector (ciphertext‑only exposure) #49

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions