On 26 June 2012 19:08, William "Chops" Westfield wrote: > See also "deterministic encryption" - basically, you set up encryption so > that the same plaintext ALWAYS yields the same cyphertext, and the databa= se > can do all the lookups it needs to do without ever having access to the > plaintext. Key management is still an issue :-( > It is good you have mentioned this as this is a real problem. I think the best would be to create hashes on these keys and use these for lookups -- similar to how passwords are stored on most systems. The only question is then is how long it takes to find the cleartext matching for the hash. I have seen a guy in a security conference using FPGA to generate MD5 and he said his system is able to find something like 2-3 MD5s per hour to sign e-mails. And he said his FPGA card was not the fastest you can find on the market and he used only one... That was a demonstration of weaknesses of signed applications and e-mails. > (I took Stanford's online encryption class, and now I can see more things > that are bad ideas. Prof's first rule: you don't invent encryption syste= ms > yourself. Not algorithms, not key management, not the little details. > LOTS of examples of people taking reasonably secure algorithms and comin= g > up with overall systems that ended up having "obvious" attacks. 802.11 > WEP, for instance.) The medical database problems ought to be a known > problem with a known solution. Find it or buy it. It's probably expensi= ve > :-( ) > Very true! Tamas --=20 int main() { char *a,*s,*q; printf(s=3D"int main() { char *a,*s,*q; printf(s=3D%s%s%s, q=3D%s%s%s%s,s,q,q,a=3D%s%s%s%s,q,q,q,a,a,q); }", q=3D"\"",s,q,q,a=3D"\\",q,q,q,a,a,q); } --=20 http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist .