ROS Didier
Hi Phil

    Thank you for this recommendation, but I posted on this public list only generic examples that have nothing to do
withthe works done in my company.
    These examples serve me only to discuss about the subject of data encryption and performance
    My answers to your remarks :

Why do you need to search by credit card number?
 Again, this is just an example. I just want to find a solution to query a column containing encrypted data with good

one option is to use an encryption function that doesn't salt the data
I am interested. Can you give some examples of these encryption function that doesn't salt the data.

Best Regards
Didier ROS
Hello Didier,

Your email is  Are you working at Electricite de France, and storing actual customers' credit card
details? How many millions of them?

Note that this mailing list is public; people looking for targets with poor security from which they can harvest credit
cardnumbers might be reading it.
And after you are hacked and all your customers' credit card details are made public, someone will find this thread.

> it's not the best solution, but we have data encryption needs and good 
> performance needs too. I do not know how to do it except the specified 
> procedure..

You should probably employ someone who knows what they are doing.

Sorry for being so direct, but really... storing large quantities of credit card details is the text book example of
somethingthat has to be done correctly.

> if anyone has any proposals to put this in place, I'm interested.

Why do you need to search by credit card number?

If you really really need to do that, then one option is to use an encryption function that doesn't salt the data.  Or
youcould store part of the number (last 4 digits?), or an unsalted hash of the number, unencrypted and indexed, and
thenyou need only to sequentially decrypt (using the salted encryption) e.g. 1/10000 of the card numbers.  But there
arecomplex security issues and tradeoffs involved here.  You probably need to comply with regulations (e.g. "PCI
standards")which will specify what is allowed and what isn't. And if you didn't already know that, you shouldn't be

Good luck, I suppose.


P.S. It seems that you were asking about this a year ago, and got the same answers...

"Phil Endecott"
ROS Didier wrote:
> Can you give some examples of these encryption function 
> that doesn't salt the data.

encrypt(data, 'motdepass', 'aes')

Regards, Phil.