At 11:36 AM 1/31/2004 -0600, Kurt Welgehausen wrote:
You'll have to encrypt each column independently. If you use
the same key and initialization vector, you should be able to
search, but of course, only for exact matches. Also, the size
of each field will probably grow to the next multiple of your
cipher's block size, so you'll need to pad the data before you
encrypt; and you'll have to remove nulls from the encrypted
data. I think the sequence would have to be

If you use an encryption method that makes this true, it is less
secure. Random salt is generally required to maintain security, but it is
the usual risk versus ease of use balance.

The other response, using a SHA (or similar) hash for the search index and
a secure encryption scheme on the actual data, is much better and works
well in practice. That still restricts you to exact match (no using "LIKE"
and similar).
HTH.
michael
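
The hash-index approach described in the reply above, as an added example that is not part of the original message: a deterministic keyed hash serves as the searchable column while the data column is encrypted under a fresh random nonce per row. Assumptions: HMAC-SHA-256 as the "SHA (or similar)" hash, a standard-library HMAC keystream plus MAC standing in for a vetted authenticated cipher such as AES-GCM, and constructed keys, table, column and sample values.

```python
import hashlib, hmac, os, sqlite3

# Constructed demo keys (assumption); real keys come from a key store.
INDEX_KEY = b"constructed-index-key-0000000000"
DATA_KEY = b"constructed-data-key-00000000000"

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def blind_index(value):
    # Deterministic on purpose: equal plaintexts give equal index values.
    return _prf(INDEX_KEY, b"idx", value.encode())

def _xor_stream(nonce, data):
    # Stand-in cipher (assumption): HMAC-SHA-256 in counter mode as keystream.
    blocks = range((len(data) + 31) // 32)
    ks = b"".join(_prf(DATA_KEY, b"enc", nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(value):
    nonce = os.urandom(16)  # fresh per row, so equal plaintexts encrypt differently
    ct = _xor_stream(nonce, value.encode())
    return nonce + ct + _prf(DATA_KEY, b"mac", nonce + ct)

def decrypt(blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(DATA_KEY, b"mac", nonce + ct)):
        raise ValueError("ciphertext failed authentication")
    return _xor_stream(nonce, ct).decode()

def make_db(emails):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (email_idx BLOB, email_enc BLOB)")
    db.execute("CREATE INDEX people_email_idx ON people (email_idx)")
    db.executemany("INSERT INTO people VALUES (?, ?)",
                   [(blind_index(e), encrypt(e)) for e in emails])
    return db

def find(db, email):
    # Exact match only: the index of a prefix is unrelated to the full value's index.
    rows = db.execute("SELECT email_enc FROM people WHERE email_idx = ?",
                      (blind_index(email),))
    return [decrypt(r[0]) for r in rows]

if __name__ == "__main__":
    db = make_db(["alice@example.test", "bob@example.test", "alice@example.test"])  # constructed rows
    print(find(db, "alice@example.test"))
    print(find(db, "alice"))
```

The index column still reveals which rows hold equal values; keying the hash keeps anyone without `INDEX_KEY` from testing guessed values against it.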