General information
Category:
Databases, Tables, Views, Indexing and SQL syntax
Title:
Encryption & Indexing - What do you do?
Environment versions
Network:
Windows 2003 Server
We're trying to beef up the security of our member data by moving from an in-house encryption algorithm to AES-256. We used to use a single key for encrypting each Social Security Number. This does mean, however, that if someone can get a hold of the key, they have access to every SSN.
There was a benefit to a single key though. When adding a new personnel record, a search was done to ensure the person did not already exist in the system (possibly under a nickname, etc.). This was done by encrypting the SSN being added and doing a query on the existing encrypted SSNs. This kept us from having to unencrypt every SSN in the system.
What do you do? What are your thoughts? Is a single key used to encrypt all SSNs with AES-256 sufficient, or should each SSN be encrypted using a key generated with a unique seed value?
Thanks for your input!
Rodd
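One way to keep the duplicate check described above without needing identical ciphertexts, as an added example that is not part of the original post: store a keyed hash (HMAC-SHA256) of the SSN in an indexed column beside the AES ciphertext, which is then free to use a random IV or a per-record key. The HMAC column, `MemberTable`, and the sample names and SSNs are assumptions constructed for illustration, and random bytes stand in for the AES-256 output.

```python
import hashlib
import hmac
import secrets

def normalize_ssn(ssn: str) -> str:
    """Keep digits only so '000-12-3456' and '000 12 3456' compare equal."""
    digits = "".join(ch for ch in ssn if ch.isdigit())
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly 9 digits")
    return digits

def lookup_token(index_key: bytes, ssn: str) -> str:
    """Deterministic keyed hash of the SSN; this is the value that gets indexed."""
    msg = normalize_ssn(ssn).encode("ascii")
    return hmac.new(index_key, msg, hashlib.sha256).hexdigest()

class MemberTable:
    """In-memory stand-in for the personnel table (hypothetical)."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._by_token = {}  # plays the role of a unique index on ssn_token

    def add(self, name: str, ssn: str, ssn_ciphertext: bytes):
        """Insert unless the SSN is already present; return (inserted, row)."""
        token = lookup_token(self._index_key, ssn)
        existing = self._by_token.get(token)
        if existing is not None:
            return False, existing  # duplicate found without decrypting anything
        row = {"name": name, "ssn_token": token, "ssn_ciphertext": ssn_ciphertext}
        self._by_token[token] = row
        return True, row

def demo():
    table = MemberTable(index_key=secrets.token_bytes(32))
    # Constructed sample data. Random bytes stand in for AES-256 ciphertext,
    # which differs per row even when the SSN is the same.
    first = table.add("Robert Example", "000-12-3456", secrets.token_bytes(32))
    dup = table.add("Bob Example", "000 12 3456", secrets.token_bytes(32))
    other = table.add("Ann Example", "000-98-7654", secrets.token_bytes(32))
    return first[0], dup[0], dup[1]["name"], other[0]

if __name__ == "__main__":
    print(demo())
```

Because there are at most 10^9 possible SSNs, anyone holding the index key can enumerate every token, so that key needs the same protection as the encryption key and should be kept separate from it.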