If you are going to rely on obfuscation to protect valuable data, you might want to consider not posting the particular method you will use on a public mailing list.
I think any method you implement will lower the overall security of the system. But, if you must search for encrypted text, you could have another representation of the text salted and hashed word for word. Then salt and hash each search word and search for it in the hashed text. You're still leaking information about word popularity if you do this which may help a determined attacker. ----- Original Message ---- From: Baron Schwartz <[EMAIL PROTECTED]> To: mos <[EMAIL PROTECTED]> Cc: mysql@lists.mysql.com Sent: Friday, October 26, 2007 3:54:11 PM Subject: Re: How to encrypt Text and still be able to use full text search? 3rd Attempt ++ > I also need to protect a couple dozen Float fields and thought I could > obscure them a bit by adding an offset to them based on an encrypted id > stored with each row. It is not going to be as good as encryption but > will help to obfuscate the data. How much will obfuscation save you? Are you saving nickels and dimes to protect millions of dollars? I've seen people get burned by rolling their own encryption (I could tell you a great war story about a consultant I worked with who invented "encryption" for SSNs in a database). An insurance policy is something else to consider. Heck, buy the insurance and do weak obfuscation, then get the insurance money and go to Mexico. "... I could put strychnine in the guacamole..." Baron -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
