如何通过加密文本执行通配符搜索? [英] How to perform wildcard search thtough encrypted text?

问题描述

我们有一个拥有大量用户的网站，并且由于PCI合规性问题，我们必须将其名称加密存储(我们使用河豚鱼).现在，我们需要通过管理面板"中的名称来使用通配符搜索功能，而我们无法以查询中"的方式对其进行解密.

We have a website with tons of users, and because of PCI compliance issues we have to store their names encrypted (we use blowfish). Now we need to have a wildcard search feature through their names in Admin Panel, which we can't decrypt in "in-query" way.

存在哪些通用解决方案来解决此问题?

What general solutions exist to solve this problem?

推荐答案

我可以想到两种可能的方法.

I can think of two possible approaches.

第一种方法是名称本身不是秘密的，但与名称相关联的数据是秘密的.您可以设置一个单独的搜索索引:

The first works where the names themselves are not secret, but the data associated with them is. You can set up a separate search index:

Name                 Record Number
----                 -------------
John Q. Public       12345
Hector H. Suarez     54321
Katherine T. Carson  98712

搜索索引以找到相关的记录号.检索并解密该特定记录.

Search the index to find the relevant record number. Retrieve and decrypt that particular record.

第二个用于名称本身是秘密的情况.基本上，将名称视为密码:将每个名称用加密安全的哈希(例如SHA-256)进行哈希处理.在这种情况下，您将无法使用盐，因为它是用于搜索的.您可能还需要预处理搜索，因为"John Q. Public"和"John Q Public"(无句号)将散列为非常不同的值.该搜索索引如下:

The second is for when the names themselves are secret. Basically, treat the names like a password: hash each name with a cryptographically secure hash, like SHA-256. You won't be able to use salt in this case, because it is for searching. You might also need to pre-process searches as "John Q. Public" and "John Q Public" (no full stop) will hash to very different values. This search index looks like:

Hashed Name          Record Number
-----------          -------------
1A2BFF68C ... CAF4   12345
5820BAA5F ... 67FA   54321
2039F288A ... 9BC2   98712

对于每个搜索，您对名称进行哈希处理并查找该哈希.再次检索并解密适当的记录.除非您准备为所有主要的搜索可能性设置多个相似的索引，否则您不能进行检索所有史密斯"之类的部分名称搜索.

For each search you hash the name and look for that hash. Again retrieve and decrypt the appropriate record. You cannot do partial-name searches like, "retrieve all the Smiths," unless you are prepared to set up a number of similar indexes for all the main search possibilities.

这篇关于如何通过加密文本执行通配符搜索?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！