If you are going to rely on obfuscation to protect valuable data, you might want to
consider not posting the particular method you will use on a public mailing list.
I think any method you implement will lower the overall security of the system. But, if
you must search for encrypted text, you could have another representation of the text
salted and hashed word for word. Then salt and hash each search word and search for it in
the hashed text. You're still leaking information about word popularity if you do this
which may help a determined attacker.
----- Original Message ----
From: Baron Schwartz <baron@stripped>
To: mos <mos99@stripped>
Cc: mysql@stripped
Sent: Friday, October 26, 2007 3:54:11 PM
Subject: Re: How to encrypt Text and still be able to use full text search? 3rd Attempt
++
> I also need to protect a couple dozen Float fields and thought I
could
> obscure them a bit by adding an offset to them based on an encrypted
id
> stored with each row. It is not going to be as good as encryption but
> will help to obfuscate the data.
How much will obfuscation save you? Are you saving nickels and dimes
to
protect millions of dollars? I've seen people get burned by rolling
their own encryption (I could tell you a great war story about a
consultant I worked with who invented "encryption" for SSNs in a
database).
An insurance policy is something else to consider. Heck, buy the
insurance and do weak obfuscation, then get the insurance money and go
to Mexico. "... I could put strychnine in the guacamole..."
Baron
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:
http://lists.mysql.com/mysql?unsub=1
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
