[jasypt-users] Encryption salt

[gperreault <gpe...@ve...>]

I ran across the issue of having to salt results so the same clear text would
result in different encrypted string. The technique I found was to add 4
random bytes at the beginning of what was being encrypted. These bytes can
then be used to alter further encryption downstream. So, encrypting the same
string multiple times in a row will always yield different results because
the first encrypted block of data (lets say the first 8 bytes) contains 4
randomly generated bytes. The next 8 bytes are salted with the value of the
first 4 bytes. The randomly generated 4 bytes are encrypted along with the
rest of the data.

Decryption starts with the starting block (the first 8 bytes), recuperating
those 4 bytes which can then be used to complete the decryption downstream.
When the decrypted result is returned, the 4 bytes are discarded.

This means that it is not necessary for the encryption to be passed a salt
value. So searches on encrypted data, such as using WHERE clause and ORDER
BY, should work. The security requirement that a given piece of information
be encrypted differently even when it is the same is satisfied by this
technique.

Thanks.
-- 
View this message in context: http://www.nabble.com/Encryption-salt-tp21729054s21332p21729054.html
Sent from the Jasypt - Users mailing list archive at Nabble.com.