Re: [ADMIN] Secure DB Systems - How to
From | Daniel Struck |
---|---|
Subject | Re: [ADMIN] Secure DB Systems - How to |
Date | |
Msg-id | 20040729111608.0ef34e4b@gentoo |
In reply to | Re: [ADMIN] Secure DB Systems - How to (Greg Stark <gsstark@mit.edu>) |
List | pgsql-php |
> If searching for exact matches works then you're using a naive encryption
> system. The problem is that it also means your database is vulnerable to
> dictionary attacks. Good encryption systems will include random padding to
> ensure that you can't attack it by merely guessing many possible plaintexts
> and verifying to see if any match.

To prevent this, I use in my implementation for every encrypted value a corresponding IV to prevent that the same value will give the same crypted text.
This is a reason why I must do pattern searches in postgresql itself, because I do need to include the IV-column in the sql statement.

Daniel

--
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barblé
L-1210 Luxembourg

phone: +352-44116105
fax: +352-44116113
web: http://www.retrovirology.lu
e-mail: struck.d@retrovirology.lu
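The per-value IV scheme described in this message, sketched with PostgreSQL's pgcrypto extension as an added example (not the poster's code). The table and column names, the `app.demo_key` session setting, the demo key and the choice of pgcrypto with AES-CBC are all assumptions.

```sql
-- Added illustration; schema, names and key handling are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Constructed 16-byte demo key (hex), held in a session setting for this sketch only.
SET app.demo_key = '000102030405060708090a0b0c0d0e0f';

CREATE TABLE patient (
    id       serial PRIMARY KEY,
    name_iv  bytea NOT NULL,  -- fresh random 16-byte IV for this value
    name_enc bytea NOT NULL   -- AES-CBC ciphertext of the name under that IV
);

-- Constructed sample rows: 'Smith' is stored twice, each time with its own IV.
WITH v AS (
    SELECT n, gen_random_bytes(16) AS iv
    FROM (VALUES ('Smith'), ('Smith'), ('Jones')) AS t(n)
)
INSERT INTO patient (name_iv, name_enc)
SELECT iv,
       encrypt_iv(convert_to(n, 'UTF8'),
                  decode(current_setting('app.demo_key'), 'hex'),
                  iv, 'aes-cbc/pad:pkcs')
FROM v;

-- Deterministic variant for comparison: with one fixed IV, equal plaintexts
-- give equal ciphertexts, which is what makes exact-match search (and
-- guess-and-compare) possible.
SELECT encrypt_iv(convert_to('Smith', 'UTF8'), k, z, 'aes-cbc/pad:pkcs')
     = encrypt_iv(convert_to('Smith', 'UTF8'), k, z, 'aes-cbc/pad:pkcs') AS same_ciphertext
FROM (SELECT decode(current_setting('app.demo_key'), 'hex') AS k,
             decode(repeat('00', 16), 'hex') AS z) AS c;

-- With per-row IVs, compare the stored ciphertexts pairwise.
SELECT a.id AS id_a, b.id AS id_b, a.name_enc = b.name_enc AS same_ciphertext
FROM patient a JOIN patient b ON a.id < b.id;

-- Searching therefore has to decrypt inside PostgreSQL, pairing each
-- ciphertext with its IV column, before the pattern is applied.
SELECT id
FROM patient
WHERE convert_from(
          decrypt_iv(name_enc,
                     decode(current_setting('app.demo_key'), 'hex'),
                     name_iv, 'aes-cbc/pad:pkcs'),
          'UTF8') LIKE 'Smi%';
```

Because every row is decrypted before the comparison, the search query scans the whole table, and the key is visible to the database server while it runs.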