
> But wouldn't hash field (used for lookup) expose the same information?

Yes, absolutely, which is why you pick a small substring as the input to the hash function.

For example, for the SSN field, you can use the first 2 digits as the input. Even if you get a digest match, the fields themselves may not actually be the exact same value. SSN, however, given its small range, is kind of hard to secure. You might be able to do something like the email address plus SSN as the input into the digest function.

I don't have any online resources specific to this topic but I did find this book to be very accessible for someone like me who's an engineer:

https://www.amazon.com/gp/product/1593278268/ref=ppx_yo_dt_b...



Thanks, I'll take a look at it.

I find encrypting data in DB challenging, as you often still need to run queries on that data in a performant way.
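
The lookup scheme discussed in this thread, as an added example that is not part of the original comments: an encrypted SSN column sits beside a digest of only its first 2 digits, the query filters on the digest, and decryption confirms the real match. The keyed HMAC (instead of a bare hash), the table and function names, and the stand-in cipher are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed keys for the demo; a real system would load them from a KMS.
ENC_KEY = os.urandom(32)
IDX_KEY = os.urandom(32)

def _keystream(nonce: bytes, n: int) -> bytes:
    # Stand-in cipher so the demo needs only the standard library.
    # Real code should use an AEAD such as AES-GCM.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(plain: str) -> bytes:
    nonce = os.urandom(16)
    data = plain.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def decrypt(blob: bytes) -> str:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body)))).decode()

def lookup_index(ssn: str) -> str:
    # Only the first 2 digits feed the digest, so a match narrows the
    # search without identifying the full value.
    return hmac.new(IDX_KEY, ssn[:2].encode(), hashlib.sha256).hexdigest()

def make_db(ssns):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, ssn_ct BLOB, ssn_idx TEXT)")
    db.execute("CREATE INDEX people_ssn_idx ON people (ssn_idx)")
    db.executemany("INSERT INTO people (ssn_ct, ssn_idx) VALUES (?, ?)",
                   [(encrypt(s), lookup_index(s)) for s in ssns])
    return db

def find_by_ssn(db, ssn: str):
    # The indexed query returns the whole bucket; decrypting picks the true match.
    rows = db.execute("SELECT id, ssn_ct FROM people WHERE ssn_idx = ?",
                      (lookup_index(ssn),)).fetchall()
    hits = [rid for rid, ct in rows if decrypt(ct) == ssn]
    return len(rows), hits

# Constructed sample values, not real SSNs.
SAMPLE = ["123-45-6789", "129-00-1111", "555-12-3456", "120-33-4444"]
```

`find_by_ssn` returns the bucket size along with the confirmed row ids, which shows the trade-off: a shorter digest input leaks less per row but leaves more candidates to decrypt per query.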



