Re: Same Inputs, different output = No searching

From: Daniel Sie [MSFT] (dsie_at_online.microsoft.com)
Date: 10/12/04


Date: Mon, 11 Oct 2004 20:01:47 -0700

You can decrypt the copy in DB and then compare, but this probably will be
costly for the decryption operation. Another solution is to use an index
table using the hash as lookup. This way you can have fast lookup, and be
able to decrypt per your requirement.

-- 
Thanks,
Daniel Sie [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.
"D Barry" <google@dcbarry.com> wrote in message 
news:6d9b9a07.0410071227.353dfb4@posting.google.com...
> Help!
>
> Getting my first taste of crypto and CAPICOM. Didn't learn until
> testing that when encrypting a value CAPICOM (regardless of the
> algorithm chosen), there is an element of randomness applied so that
> even with the same inputs (plaintext and secret key), the output
> varies.  I understand why that is valuable (same idea as salting a
> hash), but it was a surprise to me.
>
> My problem is that I am storing SSNs (Social Security Numbers) as part
> of customer info.  I don't want to (can't) store the SSN plaintext in the
> database, but I do want to be able to search on it for reverse
> lookups.  No problem, thinks I, just ask the user for the search value
> (SSN), encrypt that, and search on that value.     (In other words,
> I'll allow you to search by SSN, but I'm not going to (normally) allow
> you to see that value).
>
> Well, the entropy in CAPICOM effectively blows that idea away.  Or
> does it?  I really don't want to roll my own encryption here.
>
> Are there delivered MS solutions / algorithms where plaintext +
> secret always equals the same encrypted value?  (I can't use secret
> keys that are unique to the machines -- I need to be able to define
> them myself.)
>
>
> Thanks,
>
> David
> 
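
The hash-indexed lookup suggested in the reply above, sketched as an added example that is not part of the original thread and is not CAPICOM code. It assumes a keyed hash (HMAC-SHA-256 with its own key) rather than a bare hash, because nine-digit SSNs are few enough to enumerate; the table layout, function names, SSN values and the stand-in cipher are all constructed for illustration, and an indexed column plays the role of the index table.

```python
import hashlib, hmac, os, re, sqlite3

# Constructed demo keys; the index key is kept separate from the encryption key.
INDEX_KEY = os.urandom(32)
ENC_KEY = os.urandom(32)

def normalize_ssn(ssn):
    """Strip separators so '000-12-3456' and '000123456' index identically."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("SSN must contain nine digits")
    return digits

def blind_index(ssn, key=INDEX_KEY):
    """Deterministic keyed hash: same SSN and key always give the same value."""
    return hmac.new(key, normalize_ssn(ssn).encode(), hashlib.sha256).hexdigest()

def _xor_stream(key, nonce, data):
    # Stand-in for the real randomized encryption (CAPICOM in the thread).
    # Assumption for the demo only; use the platform's vetted cipher instead.
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(plaintext, key=ENC_KEY):
    nonce = os.urandom(16)  # fresh randomness: ciphertext differs on every call
    return nonce + _xor_stream(key, nonce, plaintext.encode())

def decrypt(blob, key=ENC_KEY):
    return _xor_stream(key, blob[:16], blob[16:]).decode()

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT,"
               " ssn_enc BLOB, ssn_idx TEXT)")
    db.execute("CREATE INDEX customer_ssn_idx ON customer (ssn_idx)")
    return db

def add_customer(db, name, ssn):
    db.execute("INSERT INTO customer (name, ssn_enc, ssn_idx) VALUES (?, ?, ?)",
               (name, encrypt(normalize_ssn(ssn)), blind_index(ssn)))

def find_by_ssn(db, ssn):
    """Search on the index value only; nothing is decrypted for the lookup."""
    rows = db.execute("SELECT name FROM customer WHERE ssn_idx = ?",
                      (blind_index(ssn),))
    return [r[0] for r in rows]
```

Anyone holding the index key can still test guesses against the index column, so it needs the same protection as the encryption key.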

