Re: Looking for advice on database encryption
От | Jonathan Bond-Caron |
---|---|
Тема | Re: Looking for advice on database encryption |
Дата | |
Msg-id | 005a01c9bee6$ef0a8790$cd1f96b0$@com обсуждение исходный текст |
Ответ на | Re: Looking for advice on database encryption (Bill Moran <wmoran@potentialtech.com>) |
Ответы |
Re: Looking for advice on database encryption
|
Список | pgsql-general |
On Thu Apr 16 05:06 PM, Bill Moran wrote: > > The problem comes when the company head wants to search through the > database to find out which employee has a specific SSN. He should be > able to do so, since he has access to everything, but the logistics of > doing so in a reasonable amount of time are rather complex and very > time consuming. On a million rows with the SSN unencrypted, such a > query would take less than a second with an appropriate index, but > pulling those million rows into the application in order to decrypt > each one and see if it matches can easily take a half hour or longer. > > That's where we're having difficulty. Our requirements are that the > data must be strongly protected, but the appropriate people must be > able to do (often complex) searches on it that complete in record time. > > -- Would storing a one-way hash of the SSN work for you? i.e. combine sha1 and/or md5, use a salt... SELECT ssn_encrypted FROM employees WHERE ssn_hash = yourhashmethod(SSN_PLAINTEXT) So you have both an encrypted version of the SSN and a one-way hash of it. That's how we store credit card numbers.
В списке pgsql-general по дате отправления: