Skip to main content

TB072 Shuffle Algorithm Leaves Data Unmasked But Reports Success When Used With Extended Connectors




Alert Type



FIPS 199 Severity Level: Critical

CVSS Score: 8.6 based on

Attack Vector (AV): N

Attack Complexity (AC): L

Privileges Required (PR): N

User Interaction (UI): N

Scope (S): C

Confidentiality (C): H

Integrity (I): N

Availability (A): N


An attacker could successfully associate PII data from a column within a table with the original row/key.  This occurs in a job that was reported as successfully masked by the Delphix masking engine when the job run is using the shuffle algorithm and an extended connector (first shipped in  


The shuffle algorithm works differently than other algorithms which aim to redact or mask individual items. Rather, the shuffle algorithm redistributes all the values of a column such that the same elements exist, but in new, different rows. 


Pre-shuffle example - unmasked data

ID Data column - obscured by shuffle algorithm Zip Code
001 Jane 15221
002 John 26011
003 Ann 12345


Post-shuffle example:  (data moved to a new location relative to the key / other information in the row.  Note that Jane can no longer be associated with her original zip code.

ID Data column - obscured by shuffle algorithm Zip Code
001 John 15221
002 Ann 26011
003 Jane 12345


The anomalous behavior associated with this security bulletin is that the algorithm is not moving the data and hence the PII information that was being shuffled is still associated with the original row/key. 

Contributing Factors

The issue may occur when using the following sub release version of the Delphix Masking Engine:


Major Release Sub Release


Data in a database table’s column which is being masked by the shuffle algorithm using an extended connector to connect to the database is not being moved to a different position within the table’s column.  


  • Customers can use any algorithm other than shuffle to work around this vulnerability.

  • Customers are strongly recommended to upgrade to or later


This issue is resolved in the release.

Additional Information


Related Documents