Laravel Crypt - Comparing Values


Problem description

Given that Laravel's Crypt always adds salt, no two instances of the same encryption are the same.

Normally, this is fine because I can compare the decrypted version of the two. However, what if I want to search for a value that is encrypted in the database?

Say that I have a table of users and I would like to encrypt the email address. Now I want to find somebody by the email test@email.com.

How do I go about writing the query for this? I cannot just Crypt::encrypt($email) and search, since this iteration of the encrypt will be different than the one in the DB.

Edit

Currently, the ONLY thing I can think of is to get all, and filter through them:

$match = User::all()->filter(function ($record) use ($email) {
    $field = $record->email['email'];

    if (Crypt::decrypt($field) == $email) return $record;
});

but this is awful. I don't want to search through everything.

Solution

As described, you cannot. The answer you have given is the way you would achieve it if you don't need to optimize it.

If you do need to optimize it without completely compromising the encrypted value, and have profiled to find the amount of data returned and processed by your filter is a major cause of delay, you can do the following.

Add a new field to the table that will store a subset of a hash. Depending on the number of unique email addresses, you can tune how large this subset is. Note: the smaller the better, as you are leaking some information on the encrypted value using this approach. For example, if you store a 1-byte hash of the email address, you are reducing the entropy of the encryption by ~8 bits.

When you query, first create the email hash's subset and place a where clause to return only those rows.

All this assumes the hash function is cheaper than the decrypt step. This approach would require you to re-calculate all hash subsets if you wanted to increase its size, so picking a size that meaningfully increases performance, doesn't unduly compromise the encryption and most likely won't need to change as you grow is important.

Note: You shouldn't use a straight hash like MD5 in this situation. Not because of its susceptibility to collisions, but because the key space will be so small. If performance is important and you store large amounts of data, you open yourself to DoS attacks whereby the attacker creates large amounts of email addresses that all hash to the same subset. To harden against this issue, use an HMAC function with a secret key.

Remember, unless you have true performance reasons for needing to add complexity - don't.
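
The approach in the answer above, as an added example that is not part of the original question or answer: a truncated keyed HMAC stored beside each ciphertext narrows the candidate rows, and only those rows are decrypted and compared. It is plain PHP so it runs outside Laravel; the AES-256-GCM helpers stand in for Crypt::encrypt / Crypt::decrypt, the array stands in for the users table, and the function names, the `email_index` column and `INDEX_BYTES` are assumptions.

```php
<?php
// Added example. encryptValue()/decryptValue() are stand-ins for Laravel's Crypt,
// and $rows stands in for the users table; all names here are hypothetical.
const INDEX_BYTES = 1; // index size: 1 byte, the size used in the answer's example

function blindIndex(string $email, string $indexKey): string {
    // Keyed HMAC, truncated: without $indexKey nobody can pick addresses that collide.
    return bin2hex(substr(hash_hmac('sha256', $email, $indexKey, true), 0, INDEX_BYTES));
}

function encryptValue(string $plain, string $key): string {
    $nonce = random_bytes(12); // fresh nonce, so equal plaintexts give different ciphertexts
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return base64_encode($nonce . $tag . $ct);
}

function decryptValue(string $blob, string $key): string {
    $raw = base64_decode($blob);
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

function findByEmail(array $rows, string $email, string $encKey, string $indexKey): ?array {
    $idx = blindIndex($email, $indexKey);
    foreach ($rows as $row) {
        if ($row['email_index'] !== $idx) {
            continue; // the database does this part: WHERE email_index = ?
        }
        // Many addresses share each index value, so confirm by decrypting the candidate.
        if (hash_equals($email, decryptValue($row['email'], $encKey))) {
            return $row;
        }
    }
    return null;
}

// Constructed sample data: two independent random keys and three made-up rows.
$encKey = random_bytes(32);
$indexKey = random_bytes(32);
$rows = [];
foreach (['alice@example.com', 'test@email.com', 'bob@example.org'] as $i => $address) {
    $rows[] = ['id' => $i + 1, 'email' => encryptValue($address, $encKey), 'email_index' => blindIndex($address, $indexKey)];
}
$hit = findByEmail($rows, 'test@email.com', $encKey, $indexKey);
echo $hit ? "found id {$hit['id']}\n" : "not found\n";
```

The index key is kept separate from the encryption key, so changing the index size or rotating the index key only requires recomputing the `email_index` column, not re-encrypting the data.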
