Re: Looking for advice on database encryption - Mailing list pgsql-general

From Eric Soroos
Subject Re: Looking for advice on database encryption
Date
Msg-id 2DC424B7-7303-4A31-85C0-8C59754461A1@soroos.net
In response to Re: Looking for advice on database encryption  (John R Pierce <pierce@hogranch.com>)
List pgsql-general
>>
>> That's where we're having difficulty.  Our requirements are that the
>> data must be strongly protected, but the appropriate people must be
>> able to do (often complex) searches on it that complete in record
>> time.
>>
>
> An index on the encrypted SSN field would do this just fine.  If an
> authorized person needs to find the record with a specific SSN, they
> encrypt that SSN and then look up the ciphertext in the database...
> done.
>

This will only work for e(lectronic?) code book ciphers, and not
chained block ciphers, since the initialization vector will randomize
the output of the encryption so that E(foo) != E(foo) just to prevent
this sort of attack.

You're looking for a hash function, since that's a one way, stable
function meant for comparing.

eric
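
The point made in this message, as an added example that is not part of the original post or thread: re-encrypting a search value under an IV-based scheme never matches the stored ciphertext, while a stable one-way token stored in an indexed column does. Assumptions: the cipher is a toy HMAC-SHA-256 counter-mode stand-in for an IV-based cipher mode (Python's standard library has no block cipher), the token is a keyed hash (HMAC-SHA-256, chosen for this example; the message says only "hash function"), and the table, column names, keys and SSN values are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed demo keys; real keys are kept outside the database.
ENC_KEY = b"E" * 32
IDX_KEY = b"I" * 32

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """HMAC-SHA-256 in counter mode: stand-in for an IV-based cipher (no integrity)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(plaintext: str) -> bytes:
    """Randomized encryption: fresh IV per call, stored in front of the ciphertext."""
    iv, data = os.urandom(16), plaintext.encode()
    return iv + bytes(a ^ b for a, b in zip(data, _keystream(ENC_KEY, iv, len(data))))

def decrypt(blob: bytes) -> str:
    iv, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(ENC_KEY, iv, len(body)))).decode()

def lookup_token(ssn: str) -> bytes:
    """Stable keyed hash of the digits only; equal SSNs always give equal tokens."""
    digits = "".join(c for c in ssn if c.isdigit())
    return hmac.new(IDX_KEY, digits.encode(), hashlib.sha256).digest()

def build_db(rows):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (name TEXT, ssn_ct BLOB, ssn_tok BLOB)")
    db.execute("CREATE INDEX person_ssn_tok ON person (ssn_tok)")
    db.executemany("INSERT INTO person VALUES (?, ?, ?)",
                   [(n, encrypt(s), lookup_token(s)) for n, s in rows])
    return db

def find_by_ciphertext(db, ssn):  # re-encrypt and compare: the IV differs, so no match
    return db.execute("SELECT name FROM person WHERE ssn_ct = ?", (encrypt(ssn),)).fetchall()

def find_by_token(db, ssn):       # compare the stable token, then decrypt the hit
    return [(n, decrypt(ct)) for n, ct in db.execute(
        "SELECT name, ssn_ct FROM person WHERE ssn_tok = ?", (lookup_token(ssn),))]

# Constructed sample rows (area number 000 is never issued).
SAMPLE = [("alice", "000-00-0001"), ("bob", "000-00-0002")]
```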
