Re: [ADMIN] Secure DB Systems - How to

From: Daniel Struck <struck(dot)d(at)retrovirology(dot)lu>
To: Greg Stark <gsstark(at)mit(dot)edu>
Cc: Bruno Wolff III <bruno(at)wolff(dot)to>, Mitch Pirtle <mitchy(at)spacemonkeylabs(dot)com>, pgsql-php(at)postgresql(dot)org
Subject: Re: [ADMIN] Secure DB Systems - How to
Date: 2004-07-29 09:16:08
Message-ID: 20040729111608.0ef34e4b@gentoo
Lists: pgadmin-support pgsql-admin pgsql-hackers-win32 pgsql-php pgsql-sql

> If searching for exact matches works then you're using a naive encryption
> system. The problem is that it also means your database is vulnerable to
> dictionary attacks. Good encryption systems will include random padding to
> ensure that you can't attack it by merely guessing many possible plaintexts
> and verifying to see if any match.

To prevent this, in my implementation I use a corresponding IV for every encrypted value, so that the same value does not give the same encrypted text.

This is a reason why I must do pattern searches in PostgreSQL itself, because I need to include the IV column in the SQL statement.

Daniel

--
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barblé
L-1210 Luxembourg

phone: +352-44116105
fax: +352-44116113
web: http://www.retrovirology.lu
e-mail: struck(dot)d(at)retrovirology(dot)lu
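
The scheme described in this message, sketched as an added example that is not part of the original post and is not the poster's code. It assumes the pgcrypto extension (not named in the message); the table, column names and key are hypothetical and constructed for illustration.

```sql
-- Added example: per-value IV stored next to each ciphertext.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE patient (
    id      serial PRIMARY KEY,
    name_iv bytea NOT NULL,  -- random IV, one per encrypted value, stored in clear
    name_ct bytea NOT NULL   -- AES-CBC ciphertext of the name
);

-- Store the same plaintext twice. Each row gets its own random 16-byte IV.
-- The key below is a constructed sample; a real key is supplied by the client.
WITH v AS (
    SELECT gen_random_bytes(16) AS iv
    FROM generate_series(1, 2)
)
INSERT INTO patient (name_iv, name_ct)
SELECT iv,
       encrypt_iv(convert_to('Smith', 'UTF8'),
                  '\x000102030405060708090a0b0c0d0e0f'::bytea,
                  iv,
                  'aes-cbc/pad:pkcs')
FROM v;

-- The two ciphertexts differ although the plaintext is identical, so
-- encrypting a guessed plaintext once and comparing it to the column
-- (the dictionary check from the quoted text) no longer matches rows.
SELECT id, encode(name_iv, 'hex') AS iv, encode(name_ct, 'hex') AS ct
FROM patient;

-- A pattern search therefore has to decrypt inside the statement,
-- using each row's own IV column.
SELECT id
FROM patient
WHERE convert_from(
          decrypt_iv(name_ct,
                     '\x000102030405060708090a0b0c0d0e0f'::bytea,
                     name_iv,
                     'aes-cbc/pad:pkcs'),
          'UTF8') LIKE 'Smi%';
```

The search decrypts every row and cannot use an index on the ciphertext column. Because the key is part of the statement text, it can appear in server logs when statement logging is enabled.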
