From: gperreault <gpe...@ve...> - 2009-01-29 15:27:22
|
I ran across the issue of having to salt results so the same clear text would result in different encrypted string. The technique I found was to add 4 random bytes at the beginning of what was being encrypted. These bytes can then be used to alter further encryption downstream. So, encrypting the same string multiple times in a row will always yield different results because the first encrypted block of data (lets say the first 8 bytes) contains 4 randomly generated bytes. The next 8 bytes are salted with the value of the first 4 bytes. The randomly generated 4 bytes are encrypted along with the rest of the data. Decryption starts with the starting block (the first 8 bytes), recuperating those 4 bytes which can then be used to complete the decryption downstream. When the decrypted result is returned, the 4 bytes are discarded. This means that it is not necessary for the encryption to be passed a salt value. So searches on encrypted data, such as using WHERE clause and ORDER BY, should work. The security requirement that a given piece of information be encrypted differently even when it is the same is satisfied by this technique. Thanks. -- View this message in context: http://www.nabble.com/Encryption-salt-tp21729054s21332p21729054.html Sent from the Jasypt - Users mailing list archive at Nabble.com. |