There are some "order preserving encryption" (OPE) schemes, but they are
less secure.
And indeed, it's not cryptsetup-related.
I guess you should find something about that on Internet.
Best regards,
Quentin
Le 16/12/2014 16:58, Arno Wagner a écrit :
Hi,
not really a topic for this list, but I will answer anyways.
No, you cannot do this. Proof idea: If you can do lookup,
you can break the encryption by checking whether a person is
in there via the lookup functionality.
Sure, if you only allow proper partial names, the attacker
does not get the last character of the name, but that does
not help much. There are not enough names in the world to
make this attack too costly, and the attacker can do it
character-by-character by using longer and longer partial
names.
The thing is that the possibility of lookup directly
implies the data is _not_ protected against reading it.
Gr"usse,
Arno
On Tue, Dec 16, 2014 at 13:22:17 CET, bill wrote:
I have conflicting needs and fear that they may be unresolvable.
I. I need to store patient names (3 fields: last, first, middle
initial) with the first and last names encrypted.
2. I need to be able to do partial name lookups if the user enters a
partial first or last name.
I presume that after encryption the names are no longer in
alphabetical order, so looking up using an encrypted partial name
will not result in a set of names beginning with that partial name.
Is there an approach to this, or need I go back to my boss and
suggest "plan B."
--
Bill Drescher
william {at} TechServSys {dot} com
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
