[Cryptography] Pragmatic, column-level data encryption at rest. Possible?

John-Mark Gurney jmg at funkthat.com
Fri May 6 19:06:51 EDT 2016


Jaycevee wrote this message on Wed, Apr 27, 2016 at 11:48 -0700:
> The way I see it, there are two issues. I can't work out how you can
> make the data searchable without storing an index of unsalted hashes,
> which obviously becomes the weak point in the cryptosystem protecting
> the data. Even with the index of hashes, you can't search on partial
> values, but let's put that aside for a moment.

How searchable do you need it to be?  If you just need equality, use
SIV[1] and you don't have the issue w/ unsalted hashes.

[1] https://tools.ietf.org/html/rfc5297

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

