Loading
Set Up and Maintain Your Salesforce Organization
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Differences Between Probabilistic and Deterministic Encryption

            You are here:

            1. Salesforce Help
            2. Docs
            3. Set Up and Maintain Your Salesforce Organization

            Differences Between Probabilistic and Deterministic Encryption

            In Shield Platform Encryption, probabilistic encryption randomizes the ciphertext output each time the same plaintext is encrypted. This enhancing security by making patterns harder to discern but it also prevents filtering or exact-match searches on encrypted data. Conversely, deterministic encryption always produces the same ciphertext for a given plaintext. This allows for filtering, sorting, and equality comparisons on encrypted fields, but with a slight reduction in randomness compared to probabilistic encryption.

            Required Editions

            Available in both Salesforce Classic (not available in all orgs) and Lightning Experience.
            Available in: Enterprise, Performance, and Unlimited Editions with the Salesforce Shield or Shield Platform Encryption licenses.
            Available for free in Developer Edition.

            While deterministic encryption offers the benefit of better searching and filtering on encrypted data, it comes with specific functional limitations and should be carefully considered based on the sensitivity of the data and how it needs to be used within Salesforce. Salesforce recommends probabilistic encryption as the default and more secure option when filtering or exact matches are not a requirement.

            Read these pages to learn more about deterministic encryption tradeoffs:

             
            Loading
            Salesforce Help | Article