From b8e72c939dc0319a1e88afdf6ddd6bf56665170a Mon Sep 17 00:00:00 2001
From: Johan Wikman <johan.wikman@mariadb.com>
Date: Mon, 22 Jan 2018 13:19:03 +0200
Subject: [PATCH] Be specific about the dangers of obfuscation

---
 Documentation/Filters/Masking.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Documentation/Filters/Masking.md b/Documentation/Filters/Masking.md
index 6fe06cbb9..6c9cea40c 100644
--- a/Documentation/Filters/Masking.md
+++ b/Documentation/Filters/Masking.md
@@ -220,6 +220,12 @@ The obfuscate rule allows the obfuscation of the value
 by passing it through an obfuscation algorithm.
 Current solution uses a nonreversible obfuscation approach.
 
+However, note that although it is in principle impossible to obtain the
+original value from the obfuscated one, if the range of possible original
+values is limited, it is straightforward to figure out the possible
+original values by running all possible values through the obfuscation
+algortihm and then comparing the results.
+
 The minimal configuration is:
 
 ```