> If searching for exact matches works then you're using a naive encryption
> system. The problem is that it also means your database is vulnerable to
> dictionary attacks. Good encryption systems will include random padding to
> ensure that you can't attack it by merely guessing many possible plaintexts
> and verifying to see if any match.

To prevent this, in my implementation I use a corresponding IV for every encrypted value, to prevent the same value from giving the same encrypted text. This is a reason why I must do pattern searches in PostgreSQL itself, because I need to include the IV column in the SQL statement.

Daniel

--
Retrovirology Laboratory Luxembourg
Centre Hospitalier de Luxembourg
4, rue E. Barblé
L-1210 Luxembourg

phone: +352-44116105
fax: +352-44116113
web: http://www.retrovirology.lu
e-mail: struck.d@xxxxxxxxxxxxxxxx
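The per-value IV scheme described in the reply above, sketched as an added example that is not part of the original message or the poster's implementation. It assumes the pgcrypto extension; the table, column names, sample text and key are constructed for illustration.

```sql
-- Added example: per-row IV with pgcrypto (assumed), all names are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE lab_note (
    id serial PRIMARY KEY,
    iv bytea NOT NULL,   -- fresh random 16-byte IV stored next to each value
    ct bytea NOT NULL    -- AES-CBC ciphertext produced with that IV
);

-- Store the SAME plaintext twice, each row with its own random IV.
-- The key below is a constructed 128-bit demo key, not a real secret.
WITH k AS (
    SELECT decode('00112233445566778899aabbccddeeff', 'hex') AS key
), src AS (
    SELECT gen_random_bytes(16) AS iv FROM generate_series(1, 2)
)
INSERT INTO lab_note (iv, ct)
SELECT src.iv,
       encrypt_iv(convert_to('sample 42: subtype B', 'UTF8'),
                  k.key, src.iv, 'aes-cbc/pad:pkcs')
FROM src, k;

-- Equal plaintexts no longer produce equal ciphertexts, so an exact-match
-- lookup on ct (and a dictionary attack that compares ciphertexts) fails.
SELECT count(*) AS row_count, count(DISTINCT ct) AS distinct_ciphertexts
FROM lab_note;

-- A pattern search therefore has to decrypt inside the database, and the
-- statement must name the IV column so each row is decrypted with its own IV.
WITH k AS (
    SELECT decode('00112233445566778899aabbccddeeff', 'hex') AS key
)
SELECT n.id
FROM lab_note AS n, k
WHERE convert_from(decrypt_iv(n.ct, k.key, n.iv, 'aes-cbc/pad:pkcs'), 'UTF8')
      LIKE '%subtype B%';
```

The search decrypts every row, so no index on the ciphertext column can help it. Because the key travels inside the SQL statement, it can show up in server logs and in `pg_stat_activity`, so statement logging and access to those views need to be restricted accordingly.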