c# - SQL Server Consistent Column Encryption -
i have simple sql server requirements have column of type int
, want encrypt column given function used encrypt column should generate same value each time called.
context
- i have system 2 user roles source role, target role
- the source role users generate tables following structure id => int metadata columns => varchar
- my system generate copy of source table obfuscated id
- the target role users have access generated table , can add/update metadata columns shouldn't know clear id
my trials
- i have tried
encryptbykey
authenticator , without authenticator each time call function,it generates different value beneficial in scenarios mine not 1 of them :) - also have tried using
encryptbyasymkey
, same behavior appeared different output each call - i have found forum post mentioning sql server using random initialization vector
my question is, possible solutions achieve requirements considering function used encrypt tables millions of records.
what possible solutions achieve requirements
there none.
tldr;
modern encryption must satisfy several properties, 1 of each semantic security. semantic security in layman's terms means if have encrypted messages cannot derive additional information plain text message. requirements, however, directly contradict this, having access enough cyphered messages, 1 can derive meaning of plain text. how german machine enigma cracked during 2-nd world war (they reused key, whereas want fix iv. result same though - plain text can revealed).
for purpose initialisation vectors have been invented , must used.
what shall do? there 2 options really:
- clarify requirements
- use map not imply semantic security, e.g. (1 -> 9478, 2 -> 9572, etc). option useful if trying obfuscate things id, e.g. don't want make obvious how many products company has sale.
Comments
Post a Comment